RenderOAuthAllowPage renders the static page for a user to "Allow" an create a new oauth2 link with an external site. This is when Coder is acting as the identity provider. This has to be done statically because Golang has to handle the full request. It cannot defer to the FE typescript easily.
(rw http.ResponseWriter, r *http.Request, data RenderOAuthAllowData)
| 798 | // This has to be done statically because Golang has to handle the full request. |
| 799 | // It cannot defer to the FE typescript easily. |
| 800 | func RenderOAuthAllowPage(rw http.ResponseWriter, r *http.Request, data RenderOAuthAllowData) { |
| 801 | rw.Header().Set("Content-Type", "text/html; charset=utf-8") |
| 802 | |
| 803 | // Prevent the consent page from being framed to mitigate |
| 804 | // clickjacking attacks (coder/security#121). |
| 805 | rw.Header().Set("Content-Security-Policy", "frame-ancestors 'none'") |
| 806 | rw.Header().Set("X-Frame-Options", "DENY") |
| 807 | |
| 808 | err := oauthTemplate.Execute(rw, data) |
| 809 | if err != nil { |
| 810 | httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.Response{ |
| 811 | Message: "Failed to render oauth page: " + err.Error(), |
| 812 | }) |
| 813 | return |
| 814 | } |
| 815 | } |