search

coder / code-server

VS Code in the browser
https://coder.com
MIT License
66.47k stars 5.45k forks source link

PASSWORD is unset by code-server #6856

Open hutch3232 opened 1 week ago

hutch3232 commented 1 week ago

Is there an existing issue for this?

OS/Web Information

code-server: v4.10.0
Code: 1.75.1
Commit: 441438abd1ac652551dbe4d408dfcec8a499b8bf
Date: 2023-02-13T16:47:00.619Z
Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[125.0.0.0](http://125.0.0.0/) Safari/537.36

Steps to Reproduce

  1. Set an environmental variable PASSWORD in the docker environment
  2. Launch code server and open terminal
  3. echo $PASSWORD <- does not exist

Expected

My PASSWORD env var should still exist in the launched code-server terminal, like all of my other env vars set in an identical manner.

Actual

I have the PASSWORD environmental variable set for an unrelated tool. When I launch code-server, I no longer have that environmental variable set. Would it be possible to not unset it?

I launch code-server like this:

code-server /mnt/code --user-data-dir /mnt/code/.vscode --auth none --bind-addr 0.0.0.0:8888 --extensions-dir ${HOME}/.local/share/code-server/extensions --disable-telemetry

And this is in a dockerized kubernetes container (lingo might be off...).

Logs

No response

Screenshot/Video

No response

Does this bug reproduce in native VS Code?

No, this works as expected in native VS Code

Does this bug reproduce in GitHub Codespaces?

I did not test GitHub Codespaces

Are you accessing code-server over a secure context?

Notes

I saw this issue: https://github.com/coder/code-server/issues/6698 which isn't really the same but vaguely related.

code-asher commented 1 week ago

Ahhh yeah we should have called ours CODE_SERVER_PASSWORD or something like that to avoid conflicts.

I think it might be risky not to delete it, users might be relying on that behavior now.

Is it possible you could use a different name or put it into the shell profile?

Maybe if auth is set to none we could avoid deleting PASSWORD, but as mentioned I am not sure if that might cause any security-related issues for folks that might be relying on the current behavior.

hutch3232 commented 1 week ago

Thank you for taking a look at this. Understand your concern. I can try to work it out on my end. Just thought I'd report it to see if it was something that could be easily changed. Thanks!