Open aksharbarot opened 2 weeks ago
How are you setting the proxy for VS Code? Using the http.proxy
setting?
Yes. It is added in settings.json
"coder.insecure": true,
"http.proxy": "http://IP:PORT",
"http.proxyAuthorization": null
at the same time when i hit enter in coder login url from extension.
I see below message in developer tool. VScode > Help > Toggle Developer Tool
But, when i manually curl -v coder url then, it does return "csrf-token"
When you run cURL is it using the proxy as well? Do you get a response back for curl --proxy http://IP:PORT https://my-coder-domain/api/v2/buildinfo
?
Are you able to get any logs from the proxy?
I think we need to add some better debugging on the plugin when a request fails, right now there is no good way to actually inspect the request that was made.
The CSRF error I believe can be ignored.
Yes. I get response back when i used --proxy in curl
PS C:\Users\demo\Downloads> curl -v --proxy http://127.0.0.1:3128 https://myurl.coder.domain/api/v2/buildinfo
* Uses proxy env variable no_proxy == 'localhost'
* Trying 127.0.0.1:3128...
* Connected to 127.0.0.1 (127.0.0.1) port 3128
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to myurl.coder.domain:443
> CONNECT myurl.coder.domain:443 HTTP/1.1
> Host: myurl.coder.domain:443
> User-Agent: curl/8.7.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: close
<
* CONNECT phase completed
* CONNECT tunnel established, response 200
I don't have proxy logs but, tcp trace shows as below,
14 3.913391 10.yyy.yyy.yyy 10.x.xxx.xxx HTTP 306 CONNECT myurl.coder.domain:443 HTTP/1.1 , NTLMSSP_NEGOTIATE 15 3.941441 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 66 [TCP Window Update] 8080 → 41821 [ACK] Seq=1 Ack=1 ............ 84 4.126459 10.x.xxx.xxx 10.yyy.yyy.yyy HTTP 105 HTTP/1.1 200 Connection established 85 4.138854 10.yyy.yyy.yyy 10.x.xxx.xxx TLSv1.2 583 Client Hello (SNI=myurl.coder.domain) 86 4.187255 10.x.xxx.xxx 10.yyy.yyy.yyy TLSv1.2 1314 Server Hello 87 4.187255 10.x.xxx.xxx 10.yyy.yyy.yyy TLSv1.2 902 Certificate, Server Key Exchange, Server Hello Done
tcp trace logs when using vscode coder extentions
509 11.982731 10.yyy.yyy.yyy 10.x.xxx.xxx HTTP 455 GET https://myurl.coder.domain:8080/api/v2/users/me HTTP/1.1 , NTLMSSP_NEGOTIATE 510 12.014605 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 66 [TCP Window Update] 8080 → 41704 [ACK] Seq=1 Ack=1 ............ 511 12.014605 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 1314 8080 → 41704 [ACK] Seq=1 Ack=390 Win=99328 Len=1248 ............ 512 12.014974 10.yyy.yyy.yyy 10.x.xxx.xxx TCP 66 41704 → 8080 [ACK] Seq=390 Ack=1249 Win=132096 Len=0 ........... 513 12.015057 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 1314 8080 → 41704 [ACK] Seq=1249 Ack=390 Win=99328 Len=1248 ............. 514 12.015057 10.x.xxx.xxx 10.yyy.yyy.yyy HTTP 613 HTTP/1.1 400 Bad Request (text/html)
in vscode, If i change below settings,
"http.proxySupport": "fallback"
then, port 8080 is not added. but, still it fails with 400 Bad Request
176 7.115697 10.yyy.yyy.yyy 10.x.xxx.xxx HTTP 483 GET https://myurl.coder.domain/api/v2/users/me HTTP/1.1 , NTLMSSP_NEGOTIATE 177 7.142449 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 66 [TCP Window Update] 8080 → 32101 [ACK] Seq=1 Ack=1 ........... 178 7.146010 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 1314 8080 → 32101 [ACK] Seq=1 Ack=418 Win=99328 Len=1248 ............ 179 7.146010 10.x.xxx.xxx 10.yyy.yyy.yyy TCP 1314 8080 → 32101 [ACK] Seq=1249 Ack=418 Win=99328 Len=1248 ............... 180 7.146010 10.x.xxx.xxx 10.yyy.yyy.yyy HTTP 608 HTTP/1.1 400 Bad Request (text/html)
same GET url does work from curl but, not from extension
Hmmmm interesting that the CONNECT seems to be missing in the tcp trace.
One thing you could try is to update to 1.2.1 and set http.proxySupport
to either on
or off
to make the Coder plugin use its own proxy rather than have VS Code handle it, although our support is pretty much the same as VS Code's so I doubt it would work any better, but if it does work with ours that means there could be a bug in VS Code.
Do other parts of VS Code work fine with the proxy? Like searching for extensions?
@code-asher searching and downloading extensions works fine and well.
No. changing, http.proxySupport didn't help.
but, wondering that why coder extension is making query to get https://myurl.coder.domain/api/v2/users/me because, It should go for authentication first.
GET https://myurl.coder.domain/api/v2/users/me HTTP/1.1 Accept: application/json, text/plain, / Coder-Session-Token: AdBes3XXXXXXXXXXXXXXXXXXXXCYH User-Agent: axios/1.6.8 Accept-Encoding: gzip, compress, deflate, br host: myurl.coder.domain Connection: close
HTTP/1.1 400 Bad Request Cache-Control: no-cache X-XSS-Protection: 1 Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 2863 Pragma: no-cache
I understood that GET and PUT requests are getting block.
I tried manually send GET request using axios and It is showing same error as coder extensions shows status 400.
but, wondering that why coder extension is making query to get https://myurl.coder.domain/api/v2/users/me because, It should go for authentication first.
What do you mean by "go for authentication first"? We always need the user details, so we make that the first call. There is no separate auth call, we have to handle authorization for every call we make since the token can expire at any time, if that makes sense.
I understood that GET and PUT requests are getting block.
Oh interesting! Could be a proxy configuration issue then?
Issue Title
VSCode Desktop unable to authenticate coder url.
Tried to open workspace directly
Description
Coder is working fine in Terminal. I can able to connect using manual command
ssh -v -T -D 49217 "coder-vscode--iknow--silver-greenhopper-59" bash
Version
v2.11.0+8979bf
Extensions Version: V1.0.2 / used as well V1.1.0
Steps to Reproduce
Step 1: Login to Coder URL Step 2: Create workspace template Step 3: Create workspace from Step 2 Step 4: Connect to vscode
Logs from vscode
No logs
Logs from "globalStorage\coder.coder-remote\log"
No logs here as well
Command line login
coder login works file when provide token
Note
Using self sign certificate using http_proxy too