cookieOnlySessionTokenProvider authenticates HTTP requests via the Coder-Session-Token header (for regular API calls) but authenticates WebSocket dials via Cookie only, matching how browsers behave (the native WebSocket constructor cannot set custom headers).
| 1046 | // browsers behave (the native WebSocket constructor cannot set |
| 1047 | // custom headers). |
| 1048 | type cookieOnlySessionTokenProvider struct { |
| 1049 | token string |
| 1050 | targetURL *url.URL |
| 1051 | // hostPrefix, when true, sends the cookie with the |
| 1052 | // __Host- prefix as browsers do with secure cookies. |
| 1053 | hostPrefix bool |
| 1054 | } |
| 1055 | |
| 1056 | func (p cookieOnlySessionTokenProvider) AsRequestOption() codersdk.RequestOption { |
| 1057 | return func(req *http.Request) { |
nothing calls this directly
no outgoing calls
no test coverage detected