Code-server sets cookies for the wildcard subdomain
Hey! Newbie code-server user here looking for some config help:
Just got code-server running behind nginx using a subdomain (e.g. dev-host.somedomain.com). The issue I'm having is that code-server keeps setting cookies with a domain of *.somedomain.com. This is quite undesirable as the cookie contents are also sent/leaked to the services running under other subdomains of somedomain.com
Actually, I would not have noticed this issue if not for the cookie contents triggering WAF on the other subdomains.
Any clue as to why this is happening? Is there a setting somewhere in code-server to enforce the cookie domain? Should this be considered a bug?
I know I can overwrite the cookie domain with nginx but I feel like I shouldn't have to...
2 Replies