Merge commit from fork

* Strip token from cookies before proxying Since this functionality requires information placed onto the request by code-server (req.args) and Express (req.cookies), move the standalone tests into the integration tests as the proxy can no longer run correctly on its own without that context. We could strip the header elsewhere or refactor in some way (pass in a callback function for the stripping or something) but this seems like the simplest and safest place at the moment to ensure we catch all uses of the proxy. In any case, I think it does lend more confidence to know we are testing the proxy the way it will be used in practice. The downside is some additional complexity when setting up tests, but at the moment I do not think that exchange is overly burdensome. * Properly stringify the cookie Cookie values need to be encoded, and they come off the req.cookies already decoded.
2026-06-17 07:27:10 +02:00 · 2026-06-15 16:37:07 -08:00
parent 92a7dce46f
commit 701566b895
4 changed files with 78 additions and 67 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,6 +13,7 @@
        "@coder/logger": "^3.0.1",
        "argon2": "^0.44.0",
        "compression": "^1.7.4",
+        "cookie": "^1.1.1",
        "cookie-parser": "^1.4.6",
        "env-paths": "^2.2.1",
        "express": "^5.0.1",
@@ -1936,12 +1937,16 @@
      }
    },
    "node_modules/cookie": {
-      "version": "0.7.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
-      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
+      "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
      "license": "MIT",
      "engines": {
-        "node": ">= 0.6"
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/cookie-parser": {
@@ -1957,6 +1962,15 @@
        "node": ">= 0.8.0"
      }
    },
+    "node_modules/cookie-parser/node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
    "node_modules/cookie-signature": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@@ -2953,6 +2967,15 @@
        "url": "https://opencollective.com/express"
      }
    },
+    "node_modules/express/node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
    "node_modules/express/node_modules/cookie-signature": {
      "version": "1.2.2",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",