Add trusted_domains variable to code-server module for link protection #435
Pull Request Overview
This PR adds support for configuring trusted domains in the code-server module to enable link protection functionality. Users can now specify a list of domains that should be trusted when code-server validates external links.
- Adds a new `trusted_domains` variable to accept a list of trusted domain strings
- Updates the run script to process the domains and pass them to code-server via `--link-protection-trusted-domains` flags
- Integrates the trusted domains configuration into the coder_script resource environment

Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| main.tf | Adds trusted_domains variable definition and passes it to the script environment |
| run.sh | Implements domain processing logic and adds trusted domains arguments to code-server command |

If I understand these logs correctly, the error has nothing to do with this change?

Will look into testing more this week, as well as adding tests specifically for this new feature.

ccf5b22 to 52099ea

@Foorack Just want to check and see if there is any update?

Closing because no response

@DevelopmentCats Apologies for the delay, been busy with work. Can we please re-open the merge request? I do think it is very hasty to close a Pull Request that is less than a few weeks old. Your update check was also only 20 hours ago.

The urgency to get this merged into main reduced once we had a very stable workaround, but I still want to upstream this for the benefit of the greater Coder community.

```hcl
locals {
  <snip>
  # Trusted domains for code-server link protection
  trusted_domains = [
    "https://open-vsx.org",
    "https://github.com",
    "*.foorack.com",
  ]
}

resource "coder_agent" "main" {
  arch = data.coder_provisioner.me.arch
  os   = "linux"
  dir  = "/home/coder/${local.folder_name}"
  # Add any commands that should be executed at workspace startup (e.g install requirements, start a program, etc) here
  startup_script = <<-EOT
    # Update code-server trusted domains
    echo "🔧 Updating code-server trusted domains..."
    mkdir -p /tmp/code-server/lib
    # Wait until code-server has been unpacked and its product.json exists (poll instead of busy-looping)
    while [ ! -f "$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)" ]; do sleep 1; done
    CODE_SERVER_PROFILE_JSON="$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)"
    # Terraform renders the list as a JSON array before the script runs; jq writes it into product.json
    jq '.linkProtectionTrustedDomains = ${jsonencode(local.trusted_domains)}' "$CODE_SERVER_PROFILE_JSON" > /tmp/product-modified.json
    mv /tmp/product-modified.json "$CODE_SERVER_PROFILE_JSON"
    # Rest of setup...
    <snip>
  EOT
  <snip>
}
```

Yeah I can sorry about that! I generally try to close out PR's that haven't had a response in a few weeks but I'm never against reopening them 😃 I will keep your words in mind though.

#1)

* Initial plan
* Add trusted_domains variable to code-server module for link protection
  Co-authored-by: Foorack <[email protected]>
* Remove temporary plan files from commit
  Co-authored-by: Foorack <[email protected]>
* Refactor TRUSTED_DOMAINS_ARG to match EXTENSION_ARG pattern
  Co-authored-by: Foorack <[email protected]>
* Remove trusted domains tests as requested
  Co-authored-by: Foorack <[email protected]>
* Fix trusted domains to use multiple flag instances instead of comma-separated values
  Co-authored-by: Foorack <[email protected]>
* Update registry/coder/modules/code-server/run.sh
  Co-authored-by: Copilot <[email protected]>
* Update registry/coder/modules/code-server/run.sh
  Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: Foorack <[email protected]>
Co-authored-by: Foorack / Max Faxälv <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: DevCats <[email protected]>

5e9cbe3 to a6e4529

Pull Request Overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| # Split comma-separated domains and create multiple --link-protection-trusted-domains arguments | ||
| for domain in $(echo "${TRUSTED_DOMAINS}" | tr ',' ' '); do |
Copilot AI, Oct 16, 2025
This approach is vulnerable to word splitting and glob expansion issues. If a domain contains spaces or shell metacharacters, it will be incorrectly parsed. Use a more robust parsing method or validate input format.
| # Split comma-separated domains and create multiple --link-protection-trusted-domains arguments | |
| for domain in $(echo "${TRUSTED_DOMAINS}" | tr ',' ' '); do | |
| # Split comma-separated domains safely and create multiple --link-protection-trusted-domains arguments | |
| IFS=',' read -ra domains <<< "${TRUSTED_DOMAINS}" | |
| for domain in "${domains[@]}"; do |
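
Review bot: On the replacement line `IFS=',' read -ra domains <<< "${TRUSTED_DOMAINS}"`, array reads and here-strings are bash features, so this only works if run.sh is executed by bash; confirm the shebang before merging. `read` also stops at the first newline and keeps surrounding whitespace and empty fields (an input like `a, b,,c` yields ` b` and an empty element), so trim each `domain` and skip empty ones before emitting a `--link-protection-trusted-domains` argument. The original `for domain in $(echo "${TRUSTED_DOMAINS}" | tr ',' ' ')` line would additionally glob-expand a wildcard entry such as `*.foorack.com` against the working directory, which the quoted `"${domains[@]}"` loop avoids; a short comment saying so would keep the loop from being simplified back later.
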
Description
This PR adds support for configuring trusted domains in the code-server module through a new `trusted_domains` variable.

This allows users to specify domains that should be trusted for link protection using code-server's `--link-protection-trusted-domains` option.

Type of Change
Module Information
Path: `registry/coder/modules/code-server`
New version: N/A
Breaking change: [ ] Yes [X] No
Related Issues
microsoft/vscode#82794
coder/coder#19995
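
The word-splitting and glob-expansion issue raised in the review comment above, shown as an added example in POSIX shell that is not the module's run.sh: `split_unsafe` has the same shape as the reviewed loop, and `split_safe` splits on commas with globbing disabled and validates each entry. The function names, the sample domains and the character allow-list are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not the module's run.sh). Domains and file names are constructed.

# Unsafe: same shape as the reviewed loop. The unquoted $(...) undergoes word
# splitting and pathname expansion, so a wildcard entry can become file names.
split_unsafe() {
  for domain in $(echo "$1" | tr ',' ' '); do
    printf '%s\n' "$domain"
  done
}

# Safe: split on commas only, globbing off, trim, drop empties, and reject
# anything outside a conservative allow-list (an assumption; tighten as needed).
# The ( ) body runs in a subshell, so IFS and set -f do not leak to the caller.
split_safe() (
  set -f
  IFS=','
  out=''
  for domain in $1; do
    domain=$(printf '%s' "$domain" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$domain" ] || continue
    case "$domain" in
      *[!A-Za-z0-9.:/*_-]*) echo "rejected entry: $domain" >&2; exit 2 ;;
    esac
    out="${out}${domain}
"
  done
  # Nothing is printed unless every entry passed validation.
  printf '%s' "$out"
)

demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  : > notes.example.test   # constructed file that happens to match the wildcard
  echo "unsafe:"; split_unsafe 'https://github.com,*.example.test'
  echo "safe:";   split_safe 'https://github.com, *.example.test,'
  cd / && rm -rf "$dir"
)
demo
```

`split_safe` prints one entry per line, so a caller can append one `--link-protection-trusted-domains` argument per line read.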