- 17 12月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 08 11月, 2019 3 次提交
-
-
由 Asher 提交于
Fixes issues with unexpected characters breaking things when setting the cookie (like semicolons). This change as-is does not affect the security of code-server itself (we've just replaced the static password with a static hash) but if we were to add a salt in the future it would let us invalidate keys by rehashing with a new salt which could be handy.
-
由 Asher 提交于
If you visit /login/ instead of /login the cookie will be set at /login instead of / which means the cookie can't be read at the root. It will redirect to the login page which *can* read the cookie at /login and redirect back resulting in an infinite loop. The previous solution relied on setting the cookie at / (any invalid value works) which then overrode the login page cookie since parseCookies only kept a single value. So the login page would see the same cookie the root was seeing and not redirect back. However, that behavior depends on the cookies being in the right order which I'm not sure is guaranteed. This new method tests all available cookies and always sets the cookie so the root path will be able to read it in case the login page is seeing a cookie the root can't. It also goes a step further and explicitly sets the path on the cookie which fixes the case where there is a permanent misconfiguration redirecting /login to /login/. Otherwise the cookie would continually be set on /login only and you'd have another loop. It also means you only need to delete one cookie to log out. Lastly add some properties to make the cookies a bit more secure.
-
由 ecrode 提交于
Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
-
- 29 10月, 2019 4 次提交
- 28 10月, 2019 1 次提交
-
-
由 Asher 提交于
Fixes #1050.
-
- 26 10月, 2019 1 次提交
-
-
由 Asher 提交于
This makes viewing images work. Fixes #1111.
-
- 25 10月, 2019 2 次提交
- 22 10月, 2019 1 次提交
-
-
由 Asher 提交于
Fixes it not being included in the optimized build as well as making it more consistent.
-
- 19 10月, 2019 1 次提交
-
-
由 Asher 提交于
Also too the opportunity to rewrite the build script since there was a change in the build steps (mainly how the product JSON is inserted) and to get the build changes out of the patch. It also no longer relies on external caching (we'll want to do this within CI instead).
-
- 12 10月, 2019 3 次提交
- 11 10月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 05 10月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 24 9月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 17 9月, 2019 2 次提交
- 14 9月, 2019 1 次提交
-
-
由 Asher 提交于
We will clean it up on our end if necessary. This allows reconnections after any length of time.
-
- 13 9月, 2019 1 次提交
-
-
由 Asher 提交于
This will be used to load extensions into the browser using requirefs.
-
- 10 9月, 2019 1 次提交
-
-
由 Asher 提交于
There's no way to actually know if those clients have gone away, so it seems it might be better to base it on whether the user has connected again with new clients to determine if the old clients are now invalid.
-
- 07 9月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 30 8月, 2019 1 次提交
-
-
由 Asher 提交于
This is so we can try out the web worker extension host.
-
- 28 8月, 2019 1 次提交
-
-
由 Asher 提交于
Fixes #889. Previous it would use the cwd. In some cases that's the path of where the binary is located which is a weird place to open.
-
- 24 8月, 2019 1 次提交
-
-
由 Asher 提交于
This means something is misconfigured.
-
- 21 8月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 14 8月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 13 8月, 2019 2 次提交
- 12 8月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 10 8月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 09 8月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 08 8月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 03 8月, 2019 2 次提交
- 01 8月, 2019 1 次提交
-
-
由 Asher 提交于
-