Skip to content

Add trusted_domains variable to code-server module for link protection #435

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add trusted_domains variable to code-server module for link protection #435

wants to merge 2 commits into from

Conversation

Foorack
Copy link

@Foorack Foorack commented Sep 27, 2025

Description

This PR adds support for configuring trusted domains in the code-server module through a new trusted_domains variable.

This allows users to specify domains that should be trusted for link protection using code-server's --link-protection-trusted-domains option.

Type of Change

  • New module
  • Bug fix
  • Feature/enhancement
  • Documentation
  • Other

Module Information

Path: registry/coder/modules/code-server
New version: N/A
Breaking change: [ ] Yes [X] No

Related Issues

microsoft/vscode#82794

coder/coder#19995

@Copilot Copilot AI review requested due to automatic review settings September 27, 2025 16:56
Copilot
Copilot AI reviewed Sep 27, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for configuring trusted domains in the code-server module to enable link protection functionality. Users can now specify a list of domains that should be trusted when code-server validates external links.

  • Adds a new trusted_domains variable to accept a list of trusted domain strings
  • Updates the run script to process the domains and pass them to code-server via --link-protection-trusted-domains flags
  • Integrates the trusted domains configuration into the coder_script resource environment

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
main.tf Adds trusted_domains variable definition and passes it to the script environment
run.sh Implements domain processing logic and adds trusted domains arguments to code-server command

@Foorack
Copy link
Author

Foorack commented Sep 30, 2025

If I understand these logs correctly, the error has nothing to do with this change?

registry/coder/modules/agentapi/main.test.ts:

registry/thezoker/modules/nodejs/main.test.ts:

7 tests failed:
(fail) jfrog-oauth > can run apply with required variables
(fail) jfrog-token > can run apply with required variables
(fail) github-upload-public-key > creates new key if one does not exist [15002.08ms]
  ^ this test timed out after 15000ms.
(fail) github-upload-public-key > does nothing if one already exists [5001.03ms]
  ^ this test timed out after 5000ms.
(fail) code-server > required variables [135.00ms]
(fail) code-server > use_cached and offline can not be used together [133.00ms]
(fail) code-server > offline and extensions can not be used together [136.00ms]

 376 pass
 7 fail
 2 errors
 1083 expect() calls
Ran 383 tests across 50 files. [453.11s]

@Foorack
Copy link
Author

Foorack commented Sep 30, 2025

Will look into testing more this week, as well as adding tests specifically for this new feature.

@Copilot @Foorack @Copilot
Add trusted_domains variable to code-server module for link protection (
52099ea 
#1)

* Initial plan

* Add trusted_domains variable to code-server module for link protection

Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com>

* Remove temporary plan files from commit

Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com>

* Refactor TRUSTED_DOMAINS_ARG to match EXTENSION_ARG pattern

Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com>

* Remove trusted domains tests as requested

Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com>

* Fix trusted domains to use multiple flag instances instead of comma-separated values

Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com>

* Update registry/coder/modules/code-server/run.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update registry/coder/modules/code-server/run.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com>
Co-authored-by: Foorack / Max Faxälv <max@foorack.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@Foorack Foorack force-pushed the link-protection-trusted-domains branch from ccf5b22 to 52099ea Compare September 30, 2025 21:24
@Foorack Foorack changed the title Add trusted_domains variable to code-server module for link protection Draft: Add trusted_domains variable to code-server module for link protection Sep 30, 2025
@Foorack Foorack changed the title Draft: Add trusted_domains variable to code-server module for link protection Add trusted_domains variable to code-server module for link protection Sep 30, 2025
@Foorack Foorack marked this pull request as draft September 30, 2025 21:24
DevelopmentCats
DevelopmentCats reviewed Oct 2, 2025
View reviewed changes
registry/coder/modules/code-server/run.sh
Comment on lines +16 to +23
# Set trusted domains argument
TRUSTED_DOMAINS_ARG=""
if [ -n "${TRUSTED_DOMAINS}" ]; then
# Split comma-separated domains and create multiple --link-protection-trusted-domains arguments
IFS=',' read -r -a DOMAINS_ARRAY <<< "${TRUSTED_DOMAINS}"
for domain in "${DOMAINS_ARRAY[@]}"; do
if [ -n "$domain" ]; then
TRUSTED_DOMAINS_ARG="$TRUSTED_DOMAINS_ARG --link-protection-trusted-domains=${domain}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Foorack Have you tested this module to make sure it works after the update?

This doesn't interpret correctly.

Suggested change
# Set trusted domains argument
TRUSTED_DOMAINS_ARG=""
if [ -n "${TRUSTED_DOMAINS}" ]; then
# Split comma-separated domains and create multiple --link-protection-trusted-domains arguments
IFS=',' read -r -a DOMAINS_ARRAY <<< "${TRUSTED_DOMAINS}"
for domain in "${DOMAINS_ARRAY[@]}"; do
if [ -n "$domain" ]; then
TRUSTED_DOMAINS_ARG="$TRUSTED_DOMAINS_ARG --link-protection-trusted-domains=${domain}"
# Set trusted domains argument
TRUSTED_DOMAINS_ARG=""
if [ -n "${TRUSTED_DOMAINS}" ]; then
# Split comma-separated domains and create multiple --link-protection-trusted-domains arguments
for domain in $(echo "${TRUSTED_DOMAINS}" | tr ',' ' '); do
if [ -n "$domain" ]; then
TRUSTED_DOMAINS_ARG="$TRUSTED_DOMAINS_ARG --link-protection-trusted-domains=$domain"

@DevelopmentCats DevelopmentCats marked this pull request as ready for review October 2, 2025 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@DevelopmentCats DevelopmentCats DevelopmentCats left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Foorack @DevelopmentCats