Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set remote authority on frontend #25

Merged
merged 1 commit into from
Dec 14, 2021
Merged

Set remote authority on frontend #25

merged 1 commit into from
Dec 14, 2021

Conversation

code-asher
Copy link
Member

This should resolve at least some of the port issues, if not all of them.

See the commit message for details.

@code-asher
Set remote authority on frontend
33995fb 
Trying to determine the remote authority on the backend is brittle
because it does not work behind reverse proxies unless they send the
right headers containing information about the proxied source.

We could require users add the relevant configuration or provide the
remote authority via a flag but neither are user-friendly options.

We can make it work out of the box by changing the frontend to make
requests to its current address (which is what we try to set the remote
authority to anyway).  This actually already happens for the most part
except in some UI and logs although recent issues suggest there might be
other problems which should be entirely resolved by setting this on the
frontend.

In other words, the remote authority we set on the backend should never
be used so we set it to something invalid to ensure we notice (the
alternative is to rip it out but that is probably a bigger patch thus
generating more conflicts).

One scenario where we might want to set the remote authority from the
backend is if the frontend is served from a different location than the
backend but that is not supported behavior at the moment.  Even if we
did support this we still cannot determine the authority from the
backend (even for non-proxy scenarios in this case) and would need to
add a flag for it so this change would still be necessary.

coder/code-server#4604
coder/code-server#4607
coder/code-server#4608
jsjoeio
jsjoeio approved these changes Dec 14, 2021
View reviewed changes
Copy link

@jsjoeio jsjoeio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the detailed commit message! Very helpful in understanding the broader context. I guess the Codespaces team wouldn't run into this because it's never served behind a reverse proxy?

@code-asher
Copy link
Member Author

code-asher commented Dec 14, 2021
edited
Loading

They probably do serve it behind a reverse proxy but they will never need the port because the source is always 443 and they will never need the path because they always serve at the root, so for them it is safe to just use the host header as-is. And since they control everything they can ensure the host header is always set and accurate.

@jsjoeio
Copy link

jsjoeio commented Dec 14, 2021

They probably do serve it behind a reverse proxy but they will never need the port because the source is always 443 and they will never need the path because they always serve at the root, so for them it is safe to just use the host header as-is.

Ah! They're in control of these values so they don't need it to be as flexible as we do. Makes sense!

@code-asher code-asher merged commit 8c7a3f2 into coder:main Dec 14, 2021
@code-asher code-asher deleted the remote-authority-port branch December 14, 2021 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsjoeio jsjoeio jsjoeio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@code-asher @jsjoeio