-
Notifications
You must be signed in to change notification settings - Fork 952
Closed
Labels
apiArea: HTTP APIArea: HTTP API
Description
Our cookie is named session_token
which is quite generic. We strip this when forwarding application traffic, meaning any application hosted cannot use this cookie. I suggest we prefix all our cookies with coder_
to deconflict anything in future.
Cookie names:
Lines 23 to 25 in 3e30cdd
SessionTokenKey = "session_token" | |
OAuth2StateKey = "oauth_state" | |
OAuth2RedirectKey = "oauth_redirect" |
Cookie Strip:
Line 143 in 3e30cdd
r.Header.Add("Cookie", httpapi.StripCoderCookies(cookieHeader)) |
kylecarbs, BrunoQuaresma and f0ssel
Metadata
Metadata
Assignees
Labels
apiArea: HTTP APIArea: HTTP API