MCPcopy Index your code
hub / github.com/coder/coder / RenderOAuthAllowPage

Function RenderOAuthAllowPage

site/site.go:800–815  ·  view source on GitHub ↗

RenderOAuthAllowPage renders the static page for a user to "Allow" an create a new oauth2 link with an external site. This is when Coder is acting as the identity provider. This has to be done statically because Golang has to handle the full request. It cannot defer to the FE typescript easily.

(rw http.ResponseWriter, r *http.Request, data RenderOAuthAllowData)

Source from the content-addressed store, hash-verified

798// This has to be done statically because Golang has to handle the full request.
799// It cannot defer to the FE typescript easily.
800func RenderOAuthAllowPage(rw http.ResponseWriter, r *http.Request, data RenderOAuthAllowData) {
801 rw.Header().Set("Content-Type", "text/html; charset=utf-8")
802
803 // Prevent the consent page from being framed to mitigate
804 // clickjacking attacks (coder/security#121).
805 rw.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
806 rw.Header().Set("X-Frame-Options", "DENY")
807
808 err := oauthTemplate.Execute(rw, data)
809 if err != nil {
810 httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.Response{
811 Message: "Failed to render oauth page: " + err.Error(),
812 })
813 return
814 }
815}

Callers 2

ShowAuthorizePageFunction · 0.92

Calls 6

WriteFunction · 0.92
SetMethod · 0.65
ExecuteMethod · 0.65
ContextMethod · 0.65
HeaderMethod · 0.45
ErrorMethod · 0.45

Tested by 1