| 205 | * `test.coder.com` if both are specified). |
| 206 | */ |
| 207 | export const getCookieDomain = (host: string, proxyDomains: string[]): string | undefined => { |
| 208 | const idx = host.lastIndexOf(":") |
| 209 | host = idx !== -1 ? host.substring(0, idx) : host |
| 210 | // If any of these are true we will still set cookies but without an explicit |
| 211 | // `Domain` attribute on the cookie. |
| 212 | if ( |
| 213 | // The host can be be blank or missing so there's nothing we can set. |
| 214 | !host || |
| 215 | // IP addresses can't have subdomains so there's no value in setting the |
| 216 | // domain for them. Assume that anything with a : is ipv6 (valid domain name |
| 217 | // characters are alphanumeric or dashes)... |
| 218 | host.includes(":") || |
| 219 | // ...and that anything entirely numbers and dots is ipv4 (currently tlds |
| 220 | // cannot be entirely numbers). |
| 221 | !/[^0-9.]/.test(host) || |
| 222 | // localhost subdomains don't seem to work at all (browser bug?). A cookie |
| 223 | // set at dev.localhost cannot be read by 8080.dev.localhost. |
| 224 | host.endsWith(".localhost") || |
| 225 | // Domains without at least one dot (technically two since domain.tld will |
| 226 | // become .domain.tld) are considered invalid according to the spec so don't |
| 227 | // set the domain for them. In my testing though localhost is the only |
| 228 | // problem (the browser just doesn't store the cookie at all). localhost has |
| 229 | // an additional problem which is that a reverse proxy might give |
| 230 | // code-server localhost even though the domain is really domain.tld (by |
| 231 | // default NGINX does this). |
| 232 | !host.includes(".") |
| 233 | ) { |
| 234 | logger.debug("no valid cookie domain", field("host", host)) |
| 235 | return undefined |
| 236 | } |
| 237 | |
| 238 | proxyDomains.forEach((domain) => { |
| 239 | if (host.endsWith(domain) && domain.length < host.length) { |
| 240 | host = domain |
| 241 | } |
| 242 | }) |
| 243 | |
| 244 | logger.debug("got cookie domain", field("host", host)) |
| 245 | return host || undefined |
| 246 | } |
| 247 | |
| 248 | /** |
| 249 | * Return a function capable of fully disposing an HTTP server. |