Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Don't check httponly cookie in dashboard #15666

Open
@mustard-mh

Description

We check and auth workspace cookie in workspace origin, but that cookie is httpOnly, which means this if will not work

Code pointer

if (!document.cookie.includes(`${instanceID}_owner_`)) {
Cookie policy Six requests from StartWorkspace.tsx
image image

How to reproduce

  • Open workspace https://gitpod.new with browser code
  • Exec curl lama.sh | sh to listen to port
  • Go to Ports tab next to Terminal tab in browser
  • Switch port private/public state and check with Browser DevTools / Network or Console

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    Status

    No status

    Milestone

    No milestone

      Relationships

      None yet

      Development

      No branches or pull requests

      Issue actions

        AltStyle によって変換されたページ (->オリジナル) /