Asher

Ahhh yeah we should have called ours `CODE_SERVER_PASSWORD` or something like that to avoid conflicts. I think it might be risky not to delete it, users might be relying on...

I left this for a bit to see if an idea would come to me. The best I could think of to maintain backwards compatibility was a new environment variable...

Oh thanks! Interesting, I never noticed it explicitly excluded the port. Seems odd since `Host` itself *does* include the port. I believe the attack only occurs across sub-domains and not...

Sorry we never responded. Does this still happen with the latest release?

Looks like Angular is dropping the base path and going against the root but unfortunately I am not familiar enough with Angular to say why. You might want to look...

Hmm so I think the problem might be a reverse proxy in front of code-server's proxy. If I serve code-server at `domain.tld/some-path` then try to access `domain.tld/some-path/absproxy/4200/` then the first...

I think I got it working: 1. Edit `src/index.html` with `` 2. Install https://www.npmjs.com/package/@angular-builders/custom-webpack 3. Set it up according to the module's documentation 4. Add this webpack config:. ```js module.exports...

Actually still not working...it times out now. Still not sure this can be resolved without some fix upstream in Angular or Webpack.

Yeah mine times out. I have no idea what causes it unfortunately. It seems to be the right path.

I am not sure if this is still an issue but we should try reproducing in Codespaces if it is.