diff --git a/codersdk/client.go b/codersdk/client.go index b0fb4d9764b3c..2097225ff489c 100644 --- a/codersdk/client.go +++ b/codersdk/client.go @@ -354,7 +354,7 @@ func (c *Client) Dial(ctx context.Context, path string, opts *websocket.DialOpti if opts.HTTPHeader == nil { opts.HTTPHeader = http.Header{} } - if opts.HTTPHeader.Get("tokenHeader") == "" { + if opts.HTTPHeader.Get(tokenHeader) == "" { opts.HTTPHeader.Set(tokenHeader, c.SessionToken()) } diff --git a/vpn/client.go b/vpn/client.go index e3f3e767fc477..d52718e7fa7ab 100644 --- a/vpn/client.go +++ b/vpn/client.go @@ -92,7 +92,7 @@ func (*client) NewConn(initCtx context.Context, serverURL *url.URL, token string sdk.SetSessionToken(token) sdk.HTTPClient.Transport = &codersdk.HeaderTransport{ Transport: http.DefaultTransport, - Header: headers, + Header: headers.Clone(), } // New context, separate from initCtx. We don't want to cancel the @@ -129,17 +129,18 @@ func (*client) NewConn(initCtx context.Context, serverURL *url.URL, token string headers.Set(codersdk.SessionTokenHeader, token) dialer := workspacesdk.NewWebsocketDialer(options.Logger, rpcURL, &websocket.DialOptions{ HTTPClient: sdk.HTTPClient, - HTTPHeader: headers, + HTTPHeader: headers.Clone(), CompressionMode: websocket.CompressionDisabled, }, workspacesdk.WithWorkspaceUpdates(&proto.WorkspaceUpdatesRequest{ WorkspaceOwnerId: tailnet.UUIDToByteSlice(me.ID), })) + clonedHeaders := headers.Clone() ip := tailnet.CoderServicePrefix.RandomAddr() conn, err := tailnet.NewConn(&tailnet.Options{ Addresses: []netip.Prefix{netip.PrefixFrom(ip, 128)}, DERPMap: connInfo.DERPMap, - DERPHeader: &headers, + DERPHeader: &clonedHeaders, DERPForceWebSockets: connInfo.DERPForceWebSockets, Logger: options.Logger, BlockEndpoints: connInfo.DisableDirectConnections, diff --git a/vpn/client_test.go b/vpn/client_test.go index 4b05bf108e8e4..de13b2349d5d4 100644 --- a/vpn/client_test.go +++ b/vpn/client_test.go @@ -90,6 +90,8 @@ func TestClient_WorkspaceUpdates(t *testing.T) { server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { switch r.URL.Path { case "/api/v2/users/me": + values := r.Header.Values(codersdk.SessionTokenHeader) + assert.Len(t, values, 1, "expected exactly one session token header value") httpapi.Write(ctx, w, http.StatusOK, codersdk.User{ ReducedUser: codersdk.ReducedUser{ MinimalUser: codersdk.MinimalUser{ @@ -101,6 +103,8 @@ func TestClient_WorkspaceUpdates(t *testing.T) { user <- struct{}{} case "/api/v2/workspaceagents/connection": + values := r.Header.Values(codersdk.SessionTokenHeader) + assert.Len(t, values, 1, "expected exactly one session token header value") httpapi.Write(ctx, w, http.StatusOK, tc.agentConnectionInfo) connInfo <- struct{}{} @@ -109,6 +113,9 @@ func TestClient_WorkspaceUpdates(t *testing.T) { cVer := r.URL.Query().Get("version") assert.Equal(t, "2.3", cVer) + values := r.Header.Values(codersdk.SessionTokenHeader) + assert.Len(t, values, 1, "expected exactly one session token header value") + sws, err := websocket.Accept(w, r, nil) if !assert.NoError(t, err) { return
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: