dockerimg: remove configurability from open browser request
Innie is untrusted, so we can't let it provide a url to open (duh).
There's a chicken-and-egg problem here: we need to start the git
server before launching the container, but we need the container
port information to store the ps1URL on the git server.
Solve it with a little sync/atomic. There's a logical race here,
but if we lose the race, the behavior is that nothing happens,
at which point the user tries again and it works.
Good enough for now.
Co-Authored-By: sketch <hello@sketch.dev>
diff --git a/loop/agent.go b/loop/agent.go
index 3da8e94..042d9a5 100644
--- a/loop/agent.go
+++ b/loop/agent.go
@@ -491,10 +491,11 @@
}
// We're in Docker, need to send a request to the Git server
// to signal that the outer process should open the browser.
+ // We don't get to specify a URL, because we are untrusted.
httpc := &http.Client{Timeout: 5 * time.Second}
- resp, err := httpc.Post(a.outsideHTTP+"/browser", "text/plain", strings.NewReader(url))
+ resp, err := httpc.Post(a.outsideHTTP+"/browser", "text/plain", nil)
if err != nil {
- slog.Debug("browser launch request connection failed", "err", err, "url", url)
+ slog.Debug("browser launch request connection failed", "err", err)
return
}
defer resp.Body.Close()