From 7eb6c7d3055d5486e059a7ab85047a7361114bc2 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Sat, 27 Sep 2025 18:49:43 +0200 Subject: [PATCH 1/2] Add trusted_domains variable to code-server module for link protection (#1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Initial plan * Add trusted_domains variable to code-server module for link protection Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Remove temporary plan files from commit Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Refactor TRUSTED_DOMAINS_ARG to match EXTENSION_ARG pattern Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Remove trusted domains tests as requested Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Fix trusted domains to use multiple flag instances instead of comma-separated values Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> * Update registry/coder/modules/code-server/run.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update registry/coder/modules/code-server/run.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Foorack <5008081+Foorack@users.noreply.github.com> Co-authored-by: Foorack / Max Faxälv Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- registry/coder/modules/code-server/main.tf | 7 +++++++ registry/coder/modules/code-server/run.sh | 14 +++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/registry/coder/modules/code-server/main.tf b/registry/coder/modules/code-server/main.tf index 650829f68..38f257189 100644 --- a/registry/coder/modules/code-server/main.tf +++ b/registry/coder/modules/code-server/main.tf @@ -148,6 +148,12 @@ variable "open_in" { } } +variable "trusted_domains" { + type = list(string) + description = "A list of trusted domains for link protection. These domains will be added to the --link-protection-trusted-domains option." + default = [] +} + resource "coder_script" "code-server" { agent_id = var.agent_id display_name = "code-server" @@ -168,6 +174,7 @@ resource "coder_script" "code-server" { EXTENSIONS_DIR : var.extensions_dir, FOLDER : var.folder, AUTO_INSTALL_EXTENSIONS : var.auto_install_extensions, + TRUSTED_DOMAINS : join(",", var.trusted_domains), }) run_on_start = true diff --git a/registry/coder/modules/code-server/run.sh b/registry/coder/modules/code-server/run.sh index 73bcd6899..75a9e366e 100644 --- a/registry/coder/modules/code-server/run.sh +++ b/registry/coder/modules/code-server/run.sh @@ -13,10 +13,22 @@ if [ -n "${EXTENSIONS_DIR}" ]; then mkdir -p "${EXTENSIONS_DIR}" fi +# Set trusted domains argument +TRUSTED_DOMAINS_ARG="" +if [ -n "${TRUSTED_DOMAINS}" ]; then + # Split comma-separated domains and create multiple --link-protection-trusted-domains arguments + IFS=',' read -r -a DOMAINS_ARRAY <<< "${TRUSTED_DOMAINS}" + for domain in "${DOMAINS_ARRAY[@]}"; do + if [ -n "$domain" ]; then + TRUSTED_DOMAINS_ARG="$TRUSTED_DOMAINS_ARG --link-protection-trusted-domains=${domain}" + fi + done +fi + function run_code_server() { echo "👷 Running code-server in the background..." echo "Check logs at ${LOG_PATH}!" - $CODE_SERVER "$EXTENSION_ARG" --auth none --port "${PORT}" --app-name "${APP_NAME}" > "${LOG_PATH}" 2>&1 & + $CODE_SERVER $EXTENSION_ARG $TRUSTED_DOMAINS_ARG --auth none --port "${PORT}" --app-name "${APP_NAME}" > "${LOG_PATH}" 2>&1 & } # Check if the settings file exists... From a6e4529589bd0cd7815a941e8e9769bdaba4af6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Foorack=20/=20Max=20Fax=C3=A4lv?= Date: Thu, 16 Oct 2025 10:07:32 +0200 Subject: [PATCH 2/2] Update registry/coder/modules/code-server/run.sh Co-authored-by: DevCats --- registry/coder/modules/code-server/run.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/registry/coder/modules/code-server/run.sh b/registry/coder/modules/code-server/run.sh index 75a9e366e..4f440dbad 100644 --- a/registry/coder/modules/code-server/run.sh +++ b/registry/coder/modules/code-server/run.sh @@ -17,10 +17,9 @@ fi TRUSTED_DOMAINS_ARG="" if [ -n "${TRUSTED_DOMAINS}" ]; then # Split comma-separated domains and create multiple --link-protection-trusted-domains arguments - IFS=',' read -r -a DOMAINS_ARRAY <<< "${TRUSTED_DOMAINS}" - for domain in "${DOMAINS_ARRAY[@]}"; do + for domain in $(echo "${TRUSTED_DOMAINS}" | tr ',' ' '); do if [ -n "$domain" ]; then - TRUSTED_DOMAINS_ARG="$TRUSTED_DOMAINS_ARG --link-protection-trusted-domains=${domain}" + TRUSTED_DOMAINS_ARG="$TRUSTED_DOMAINS_ARG --link-protection-trusted-domains=$domain" fi done fi