From 55e4c2ec61257561990bee3dda2129e6b5642f38 Mon Sep 17 00:00:00 2001
From: Steven Masley <stevenmasley@gmail.com>
Date: Tue, 15 Apr 2025 19:38:13 -0500
Subject: [PATCH 1/4] chore: disable authz-header in all builds

Header payload being large is causing some issues in dev builds.
Another method of opting in needs to be determined
---
 coderd/coderd.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/coderd/coderd.go b/coderd/coderd.go
index d8e9d96ff7106..2053db6757180 100644
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -465,7 +465,14 @@ func New(options *Options) *API {
 	// We add this middleware early, to make sure that authorization checks made
 	// by other middleware get recorded.
 	if buildinfo.IsDev() {
-		r.Use(httpmw.RecordAuthzChecks)
+		// TODO: Find another solution to opt into these checks.
+		//   If the header grows too large, it breaks `fetch()` requests.
+		//   Temporarily disabling this until we can find a better solution.
+		//	 One idea is to include checking the request for `X-Authz-Record=true`
+		//   header. To opt in on a per-request basis.
+		//   Some authz calls (like filtering lists) might be able to be
+		//   summarized better to condense the header payload.
+		//r.Use(httpmw.RecordAuthzChecks)
 	}
 
 	ctx, cancel := context.WithCancel(context.Background())

From bffabc58da08c636fde1a6776a11a38344202eaf Mon Sep 17 00:00:00 2001
From: Steven Masley <stevenmasley@gmail.com>
Date: Tue, 15 Apr 2025 19:42:27 -0500
Subject: [PATCH 2/4] linting

---
 coderd/coderd.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coderd/coderd.go b/coderd/coderd.go
index 2053db6757180..8b09ca28982df 100644
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -472,7 +472,7 @@ func New(options *Options) *API {
 		//   header. To opt in on a per-request basis.
 		//   Some authz calls (like filtering lists) might be able to be
 		//   summarized better to condense the header payload.
-		//r.Use(httpmw.RecordAuthzChecks)
+		// r.Use(httpmw.RecordAuthzChecks)
 	}
 
 	ctx, cancel := context.WithCancel(context.Background())

From 1bb1c9254f864e7216f1f37dd9f61b74e7eef722 Mon Sep 17 00:00:00 2001
From: Steven Masley <stevenmasley@gmail.com>
Date: Tue, 15 Apr 2025 19:43:24 -0500
Subject: [PATCH 3/4] linting

---
 coderd/coderd.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/coderd/coderd.go b/coderd/coderd.go
index 8b09ca28982df..6d09998efa7ca 100644
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -464,6 +464,7 @@ func New(options *Options) *API {
 	r := chi.NewRouter()
 	// We add this middleware early, to make sure that authorization checks made
 	// by other middleware get recorded.
+	//nolint:revive // This block will be re-enabled, not going to remove it
 	if buildinfo.IsDev() {
 		// TODO: Find another solution to opt into these checks.
 		//   If the header grows too large, it breaks `fetch()` requests.

From 30ba8ea6be262fd08e1ecb8bcd52ca9992bb25d8 Mon Sep 17 00:00:00 2001
From: Steven Masley <stevenmasley@gmail.com>
Date: Tue, 15 Apr 2025 20:10:18 -0500
Subject: [PATCH 4/4] more linters doing the same thing

---
 coderd/coderd.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coderd/coderd.go b/coderd/coderd.go
index 6d09998efa7ca..72ebce81120fa 100644
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -464,7 +464,7 @@ func New(options *Options) *API {
 	r := chi.NewRouter()
 	// We add this middleware early, to make sure that authorization checks made
 	// by other middleware get recorded.
-	//nolint:revive // This block will be re-enabled, not going to remove it
+	//nolint:revive,staticcheck // This block will be re-enabled, not going to remove it
 	if buildinfo.IsDev() {
 		// TODO: Find another solution to opt into these checks.
 		//   If the header grows too large, it breaks `fetch()` requests.

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/coder/coder/pull/17409.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder/pull/17409.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder/pull/17409.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder/pull/17409.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>