Implement basic directives via HTTP headers and/or cookies

[daumling]

I've implemented a simple auth mechanism using nginx's auth feature. This works just nicely. What I'd like to have is a way to supply basic features to code-server via HTTP headers or cookies.

When a user logs in, the login script could, for example, set a HTTP header with a code-server directive to emulate a chroot for the given user, like e.g.

X-Codeserver-Root: /home/username

This would tell code-server to use the given folder as root folder for this session. This would be a great sandboxing feature for multiple users.

Other HTTP headers would include:

X-Codeserver-Workspace: ...path name ....
X-Codeserver-Folder: ...path name...
X-Codeserver-File: ...path name...

In my case, several users contribute to markdown documentation that is hosted on Github. This solution would allow each use to have his/her own copy of the Github repo, making it safe for concurrent editing.

I am sure that there may be other ideas or use cases for code-server control through HTTP headers.

[nhooyr]

This is something that should be implemented outside of code-server. You could have a proxy that launches a new code-server per user in a chroot.

[nhooyr]

There are also some query parameters you may find useful: https://github.com/cdr/code-server/blob/v3.8.0/doc/FAQ.md#how-does-code-server-decide-what-workspace-or-folder-to-open

[daumling]

Thanks, I am already using query parameters, but nothing keeps users from leaving their folder tree, which could be a security problem.

…

On 18. Jan 2021, at 17:03, Anmol Sethi ***@***.***> wrote: There are also some query parameters you may find useful: https://github.com/cdr/code-server/blob/v3.8.0/doc/FAQ.md#how-does-code-server-decide-what-workspace-or-folder-to-open <https://github.com/cdr/code-server/blob/v3.8.0/doc/FAQ.md#how-does-code-server-decide-what-workspace-or-folder-to-open> — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#2506 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADX5DOJGKWYF3DJBNPX6V73S2RLTTANCNFSM4VGYMCPQ>. [ { ***@***.***": "http://schema.org", ***@***.***": "EmailMessage", "potentialAction": { ***@***.***": "ViewAction", "target": "#2506 (comment)", "url": "#2506 (comment)", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { ***@***.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

[nhooyr]

Thanks, I am already using query parameters, but nothing keeps users from leaving their folder tree, which could be a security problem.

See #1834