8000 Comment on blank origin · coder/coder@30679d7 · GitHub
[go: up one dir, main page]
Skip to content

Commit 30679d7

Browse files
code-ashercode-asher
committed
Comment on blank origin
1 parent 4769af9 commit 30679d7

File tree

1 file changed

+4
-3
lines changed

1 file changed

+4
-3
lines changed

enterprise/coderd/identityprovider/middleware.go

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,10 +16,11 @@ func authorizeMW(accessURL *url.URL) func(next http.Handler) http.Handler {
1616
return func(next http.Handler) http.Handler {
1717
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
1818
origin := r.Header.Get(httpmw.OriginHeader)
19+
// TODO: The origin can be blank from some clients, like cURL. For now
20 6D33 +
// only browser-based auth flow is officially supported but in a future PR
21+
// we should support a cURL-based and blank origin flows.
1922
originU, err := url.Parse(origin)
20-
if err != nil {
21-
// TODO: Curl requests will not have this. One idea is to always show
22-
// html here??
23+
if err != nil || origin == "" {
2324
httpapi.Write(r.Context(), rw, http.StatusBadRequest, codersdk.Response{
2425
Message: "Invalid or missing origin header.",
2526
Detail: err.Error(),

0 commit comments

Comments
 (0)
0