StripCoderCookies removes the session token from the cookie header provided.
(header string)
| 9 | |
| 10 | // StripCoderCookies removes the session token from the cookie header provided. |
| 11 | func StripCoderCookies(header string) string { |
| 12 | header = textproto.TrimString(header) |
| 13 | cookies := []string{} |
| 14 | |
| 15 | var part string |
| 16 | for len(header) > 0 { // continue since we have rest |
| 17 | part, header, _ = strings.Cut(header, ";") |
| 18 | part = textproto.TrimString(part) |
| 19 | if part == "" { |
| 20 | continue |
| 21 | } |
| 22 | name, _, _ := strings.Cut(part, "=") |
| 23 | if name == codersdk.SessionTokenCookie || |
| 24 | name == codersdk.OAuth2StateCookie || |
| 25 | name == codersdk.OAuth2RedirectCookie || |
| 26 | name == codersdk.PathAppSessionTokenCookie || |
| 27 | // This uses a prefix check because the subdomain cookie is unique |
| 28 | // per workspace proxy and is based on a hash of the workspace proxy |
| 29 | // subdomain hostname. See the workspaceapps package for more |
| 30 | // details. |
| 31 | strings.HasPrefix(name, codersdk.SubdomainAppSessionTokenCookie) || |
| 32 | name == codersdk.SignedAppTokenCookie { |
| 33 | continue |
| 34 | } |
| 35 | cookies = append(cookies, part) |
| 36 | } |
| 37 | return strings.Join(cookies, "; ") |
| 38 | } |
no outgoing calls