1. 17 12月, 2019 1 次提交
  2. 08 11月, 2019 3 次提交
    • A
      Hash password · 20180248
      Asher 提交于
      Fixes issues with unexpected characters breaking things when setting the
      cookie (like semicolons).
      
      This change as-is does not affect the security of code-server
      itself (we've just replaced the static password with a static hash) but
      if we were to add a salt in the future it would let us invalidate keys
      by rehashing with a new salt which could be handy.
      20180248
    • A
      Handle cookies more robustly · a1d6bcb8
      Asher 提交于
      If you visit /login/ instead of /login the cookie will be set at /login
      instead of / which means the cookie can't be read at the root. It will
      redirect to the login page which *can* read the cookie at /login and
      redirect back resulting in an infinite loop.
      
      The previous solution relied on setting the cookie at / (any invalid
      value works) which then overrode the login page cookie since
      parseCookies only kept a single value. So the login page would see the
      same cookie the root was seeing and not redirect back. However, that
      behavior depends on the cookies being in the right order which I'm not
      sure is guaranteed.
      
      This new method tests all available cookies and always sets the cookie
      so the root path will be able to read it in case the login page is
      seeing a cookie the root can't.
      
      It also goes a step further and explicitly sets the path on the cookie
      which fixes the case where there is a permanent misconfiguration
      redirecting /login to /login/. Otherwise the cookie would continually be
      set on /login only and you'd have another loop. It also means you only
      need to delete one cookie to log out.
      
      Lastly add some properties to make the cookies a bit more secure.
      a1d6bcb8
    • E
      Clear password when redirecting to login · 727ac648
      ecrode 提交于
      Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
      727ac648
  3. 29 10月, 2019 4 次提交
  4. 28 10月, 2019 1 次提交
  5. 26 10月, 2019 1 次提交
  6. 25 10月, 2019 2 次提交
  7. 22 10月, 2019 1 次提交
  8. 19 10月, 2019 1 次提交
    • A
      Update to 1.39.2 · bdd11f74
      Asher 提交于
      Also too the opportunity to rewrite the build script since there was a
      change in the build steps (mainly how the product JSON is inserted) and
      to get the build changes out of the patch. It also no longer relies on
      external caching (we'll want to do this within CI instead).
      bdd11f74
  9. 12 10月, 2019 3 次提交
  10. 11 10月, 2019 1 次提交
  11. 05 10月, 2019 1 次提交
  12. 24 9月, 2019 1 次提交
  13. 17 9月, 2019 2 次提交
  14. 14 9月, 2019 1 次提交
  15. 13 9月, 2019 1 次提交
    • A
      Add tar endpoint · f8635a12
      Asher 提交于
      This will be used to load extensions into the browser using requirefs.
      f8635a12
  16. 10 9月, 2019 1 次提交
    • A
      Keep a maximum number of connections instead of a timeout · 11648013
      Asher 提交于
      There's no way to actually know if those clients have gone away, so it
      seems it might be better to base it on whether the user has connected
      again with new clients to determine if the old clients are now invalid.
      11648013
  17. 07 9月, 2019 1 次提交
  18. 30 8月, 2019 1 次提交
  19. 28 8月, 2019 1 次提交
    • A
      Don't open cwd by default · a3ee7c96
      Asher 提交于
      Fixes #889. Previous it would use the cwd. In some cases that's the
      path of where the binary is located which is a weird place to open.
      a3ee7c96
  20. 24 8月, 2019 1 次提交
  21. 21 8月, 2019 1 次提交
  22. 14 8月, 2019 1 次提交
  23. 13 8月, 2019 2 次提交
  24. 12 8月, 2019 1 次提交
  25. 10 8月, 2019 1 次提交
  26. 09 8月, 2019 1 次提交
  27. 08 8月, 2019 1 次提交
  28. 03 8月, 2019 2 次提交
    • A
      Fix login page · 5b64cb34
      Asher 提交于
      5b64cb34
    • A
      Groundwork for language support · 712274d9
      Asher 提交于
      - Implement the localization service.
      - Use the proper build process which generates the require JSON files.
      - Implement getting the locale and language configuration.
      712274d9
  29. 01 8月, 2019 1 次提交