Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

How to embed code-server into a website? #7445

Closed Unanswered
Lost135 asked this question in Q&A
Discussion options

I`am trying embed code-server webpage into another website, and it not work.
Code-server working in a docker container with http mode, and export a port to the internet,
and I deploy a https website program in another machine, another LAN.
When I open code-server in my wibsite program, it can`not connect code-server port.
It may resolve via nginx proxy, but I do`not want user to mach proxy program, it will make my architecture becomes more complex.

Possible problem: CSRF, samesite-auth-cookie

code-server version: v4.102.2
code-server command: /usr/bin/code-server --bind-addr 0.0.0.0:8080 --auth password --disable-telemetry .
my website program: another machine, another LAN, use https, embed code-server with js iframe

Thanks for help.
You must be logged in to vote

Replies: 2 comments 3 replies

Comment options

So you are serving code-server on HTTP and accessing that directly in an HTTPS website? Browsers will not allow this typically, both resources need to be HTTPS. If this is the case you should see an error about "mixed content" in the browser logs.
You must be logged in to vote
3 replies
Comment options

I change it to https also not work, it cannot login, always return to login page.
If I login on http website, and change it to https website with same password, it will skip login and report
image

Comment options

A 1006 can mean many things, but usually I have seen it happen when a reverse proxy is not set up to handle web sockets. For example NGINX requires:

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;

But there can be other reasons, if you still have problems could you post the browser console logs?
Comment options

I think it can also happen if the host is not set because the origin check will fail (you can run code-server --verbose to see if this is the case, look for messages about the origin). So you may need something like:

proxy_set_header Host $http_host;
Comment options

The best way to resolve CSRF or https proxy problem is use a nginx to proxy it, or try to rebuild code-server with samesite-auth-cookie secure-auth-cookie.
You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet

AltStyle によって変換されたページ (->オリジナル) /