MCPcopy Index your code
hub / github.com/coder/coder / TokenFromRequest

Method TokenFromRequest

coderd/workspaceapps/cookies.go:76–97  ·  view source on GitHub ↗

AppConnectSessionTokenFromRequest returns the session token from the request if it exists. The access method is used to determine which cookie name to use. We use different cookie names for path apps and for subdomain apps to avoid both being set and sent to the server at the same time and the serv

(r *http.Request, accessMethod AccessMethod)

Source from the content-addressed store, hash-verified

74// We prefer the access-method-specific cookie first, then fall back to standard
75// Coder token extraction (query parameters, Coder-Session-Token header, etc.).
76func (c AppCookies) TokenFromRequest(r *http.Request, accessMethod AccessMethod) string {
77 // Prefer the access-method-specific cookie first.
78 //
79 // Workspace app requests commonly include an `Authorization` header intended
80 // for the upstream app (e.g. API calls). `httpmw.APITokenFromRequest` supports
81 // RFC 6750 bearer tokens, so if we consult it first we'd incorrectly treat
82 // that upstream header as a Coder session token and ignore the app session
83 // cookie, breaking token renewal for subdomain apps.
84 cookie, err := r.Cookie(c.CookieNameForAccessMethod(accessMethod))
85 if err == nil && cookie.Value != "" {
86 return cookie.Value
87 }
88
89 // Fall back to standard Coder token extraction (session cookie, query param,
90 // Coder-Session-Token header, and then Authorization: Bearer).
91 token := httpmw.APITokenFromRequest(r)
92 if token != "" {
93 return token
94 }
95
96 return ""
97}

Calls 2

APITokenFromRequestFunction · 0.92