MCPcopy Index your code
hub / github.com/coder/code-server / getCookieOptions

Function getCookieOptions

src/node/http.ts:302–325  ·  view source on GitHub ↗
(req: express.Request)

Source from the content-addressed store, hash-verified

300 * setting and unsetting cookies otherwise they are considered separate.
301 */
302export const getCookieOptions = (req: express.Request): express.CookieOptions => {
303 // Normally we set paths relatively. However browsers do not appear to allow
304 // cookies to be set relatively which means we need an absolute path. We
305 // cannot be guaranteed we know the path since a reverse proxy might have
306 // rewritten it. That means we need to get the path from the frontend.
307
308 // The reason we need to set the path (as opposed to defaulting to /) is to
309 // avoid code-server instances on different sub-paths clobbering each other or
310 // from accessing each other's tokens (and to prevent other services from
311 // accessing code-server's tokens).
312
313 // When logging in or out the request must include the href (the full current
314 // URL of that page) and the relative path to the root as given to it by the
315 // backend. Using these two we can determine the true absolute root.
316 const url = new URL(
317 req.query.base || req.body?.base || "/",
318 req.query.href || req.body?.href || "http://" + (req.headers.host || "localhost"),
319 )
320 return {
321 domain: getCookieDomain(url.host, req.args["proxy-domain"]),
322 path: normalize(url.pathname) || "/",
323 sameSite: "lax",
324 }
325}
326
327/**
328 * Return the full path to the current page, preserving any trailing slash.

Callers 2

login.tsFile · 0.90
logout.tsFile · 0.90

Calls 2

normalizeFunction · 0.90
getCookieDomainFunction · 0.85

Tested by

no test coverage detected