MCPcopy Index your code
hub / github.com/coder/coder / StripCoderCookies

Function StripCoderCookies

coderd/httpapi/cookie.go:11–38  ·  view source on GitHub ↗

StripCoderCookies removes the session token from the cookie header provided.

(header string)

Source from the content-addressed store, hash-verified

9
10// StripCoderCookies removes the session token from the cookie header provided.
11func StripCoderCookies(header string) string {
12 header = textproto.TrimString(header)
13 cookies := []string{}
14
15 var part string
16 for len(header) > 0 { // continue since we have rest
17 part, header, _ = strings.Cut(header, ";")
18 part = textproto.TrimString(part)
19 if part == "" {
20 continue
21 }
22 name, _, _ := strings.Cut(part, "=")
23 if name == codersdk.SessionTokenCookie ||
24 name == codersdk.OAuth2StateCookie ||
25 name == codersdk.OAuth2RedirectCookie ||
26 name == codersdk.PathAppSessionTokenCookie ||
27 // This uses a prefix check because the subdomain cookie is unique
28 // per workspace proxy and is based on a hash of the workspace proxy
29 // subdomain hostname. See the workspaceapps package for more
30 // details.
31 strings.HasPrefix(name, codersdk.SubdomainAppSessionTokenCookie) ||
32 name == codersdk.SignedAppTokenCookie {
33 continue
34 }
35 cookies = append(cookies, part)
36 }
37 return strings.Join(cookies, "; ")
38}

Callers 2

TestStripCoderCookiesFunction · 0.92
proxyWorkspaceAppMethod · 0.92

Calls

no outgoing calls

Tested by 1

TestStripCoderCookiesFunction · 0.74