gitpod
gitpod copied to clipboard
[ws-proxy] Filter cookies on all routes that send traffic to the workspace (except supervisor)
Description
Instead of only filtering auth cookies from port routes, filter it from all routes that are are:
- pointing at the workspace pod
- not directly meant for supervisor
Related Issue(s)
Fixes ENT-70
How to test
- see that you can start a workspace
Documentation
Preview status
Gitpod was successfully deployed to your preview environment.
- 🏷️ Name - gpl-70-fil05f72cb4be
- 🔗 URL - gpl-70-fil05f72cb4be.preview.gitpod-dev.com/workspaces.
- 📚 Documentation - See our internal documentation for information on how to interact with your preview environment.
- 📦 Version - gpl-70-filter-cookies-gha.25435
- 🗒️ Logs - GCP Logs Explorer
Build Options
Build
- [ ] /werft with-werft Run the build with werft instead of GHA
- [ ] leeway-no-cache
- [ ] /werft no-test
Run Leeway with
--dont-test
Publish
- [ ] /werft publish-to-npm
- [ ] /werft publish-to-jb-marketplace
Installer
- [ ] analytics=segment
- [ ] with-dedicated-emulation
- [ ] workspace-feature-flags Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
- [ ] /werft with-local-preview
If enabled this will build
install/preview - [x] /werft with-preview
- [ ] /werft with-large-vm
- [x] /werft with-gce-vm If enabled this will create the environment on GCE infra
- [x] /werft preemptible Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
- [ ] with-integration-tests=all
Valid options are
all,workspace,webapp,ide,jetbrains,vscode,ssh. If enabled,with-previewandwith-large-vmwill be enabled. - [ ] with-monitoring
/hold
@akosyakov Any ideas what we should test specifically? I did basic workspace starting, stopping, etc. and that did work.
We had some unit tests for routes, maybe we should extend them to verify that such cookie is not present? Otherwise I would also test it manually. cc @mustard-mh @iQQBot could you help with testing?
/unhold