MCPcopy Index your code
hub / github.com/coder/code-server / getCookieDomain

Function getCookieDomain

src/node/http.ts:207–246  ·  view source on GitHub ↗
(host: string, proxyDomains: string[])

Source from the content-addressed store, hash-verified

205 * `test.coder.com` if both are specified).
206 */
207export const getCookieDomain = (host: string, proxyDomains: string[]): string | undefined => {
208 const idx = host.lastIndexOf(":")
209 host = idx !== -1 ? host.substring(0, idx) : host
210 // If any of these are true we will still set cookies but without an explicit
211 // `Domain` attribute on the cookie.
212 if (
213 // The host can be be blank or missing so there's nothing we can set.
214 !host ||
215 // IP addresses can't have subdomains so there's no value in setting the
216 // domain for them. Assume that anything with a : is ipv6 (valid domain name
217 // characters are alphanumeric or dashes)...
218 host.includes(":") ||
219 // ...and that anything entirely numbers and dots is ipv4 (currently tlds
220 // cannot be entirely numbers).
221 !/[^0-9.]/.test(host) ||
222 // localhost subdomains don't seem to work at all (browser bug?). A cookie
223 // set at dev.localhost cannot be read by 8080.dev.localhost.
224 host.endsWith(".localhost") ||
225 // Domains without at least one dot (technically two since domain.tld will
226 // become .domain.tld) are considered invalid according to the spec so don't
227 // set the domain for them. In my testing though localhost is the only
228 // problem (the browser just doesn't store the cookie at all). localhost has
229 // an additional problem which is that a reverse proxy might give
230 // code-server localhost even though the domain is really domain.tld (by
231 // default NGINX does this).
232 !host.includes(".")
233 ) {
234 logger.debug("no valid cookie domain", field("host", host))
235 return undefined
236 }
237
238 proxyDomains.forEach((domain) => {
239 if (host.endsWith(domain) && domain.length < host.length) {
240 host = domain
241 }
242 })
243
244 logger.debug("got cookie domain", field("host", host))
245 return host || undefined
246}
247
248/**
249 * Return a function capable of fully disposing an HTTP server.

Callers 1

getCookieOptionsFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected