CORS error when displaying code-server in a localhost iframe

Question

CORS error when displaying code-server in a localhost iframe

Opened this issue 14 days ago · 2 comments

johnykes commented 14 days ago

Is there an existing issue for this?

I have searched the existing issues

OS/Web Information

Web Browser: Brave
Local OS: Windows 11
Remote OS: Ubuntu 24
Remote Architecture: amd
code-server --version: latest

Steps to Reproduce

create a code-server using docker-compose on a ubuntu server

services:
  code-server:
    image: lscr.io/linuxserver/code-server:latest
    # image: linuxserver/code-server:latest
    container_name: code-server
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - PASSWORD=password #optional
      - HASHED_PASSWORD= #optional
      - SUDO_PASSWORD=password #optional
      - SUDO_PASSWORD_HASH= #optional
      - DEFAULT_WORKSPACE=/config/workspace #optional
    privileged: true
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./data/template/config:/config
    ports:
      - 8443:8443
    restart: unless-stopped

add HTTPS/SSL using CF tunnels / traefik or something
create a simple web page with an iframe that has src="your code-server url"

if I deploy the webpage with the same iframe on Vercel or something, it login works, but doesn't work from localhost. Why? That's annoying

Expected

I expect to see the code-server content in the iframe, even if I'm on localhost.

Actual

Logs

Screenshot/Video

No response

Does this bug reproduce in native VS Code?

Yes, this is also broken in native VS Code

Does this bug reproduce in GitHub Codespaces?

Yes, this is also broken in GitHub Codespaces

Are you accessing code-server over a secure context?

I am using a secure context.

Notes

Is there any setting for CORS on the code-server?

Answer 1 · 2025-03-20T21:15:30.000Z

Please be aware that the image of this repository is codercom/code-server and not linuxserver/code-server.

Please open issues regarding linuxserver/code-server at https://github.com/linuxserver/docker-code-server/issues.

Answer 2 · 2025-03-26T21:31:17.000Z

Yeah it seems more likely related to the deployment setup here than code-server. That "refused to connect" page is a browser-level error (or network-level rather, but I just mean it is not even hitting code-server as far as I can tell).