Foorack · Foorack · Sep 27, 2025 · Sep 27, 2025 · Sep 27, 2025 · Sep 27, 2025
diff --git a/registry/coder/modules/code-server/code-server.tftest.hcl b/registry/coder/modules/code-server/code-server.tftest.hcl
@@ -48,3 +48,31 @@ run "url_with_folder_query" {
     error_message = "coder_app URL must include encoded folder query param"
   }
 }
+
+run "trusted_domains_empty" {
+  command = plan
+
+  variables {
+    agent_id        = "foo"
+    trusted_domains = []
+  }
+
+  assert {
+    condition     = !can(regex("CODE_SERVER.*--link-protection-trusted-domains", resource.coder_script.code-server.script))
+    error_message = "Empty trusted_domains should not include --link-protection-trusted-domains option in command execution"
+  }
+}
+
+run "trusted_domains_with_values" {
+  command = plan
+
+  variables {
+    agent_id        = "foo"
+    trusted_domains = ["example.com", "trusted.org"]
+  }
+
+  assert {
+    condition     = can(regex("TRUSTED_DOMAINS_ARG=\"--link-protection-trusted-domains=example\\.com,trusted\\.org\"", resource.coder_script.code-server.script))
+    error_message = "trusted_domains should include --link-protection-trusted-domains option with correct domains in command execution"
+  }
+}
diff --git a/registry/coder/modules/code-server/main.tf b/registry/coder/modules/code-server/main.tf
@@ -148,6 +148,12 @@ variable "open_in" {
   }
 }
 
+variable "trusted_domains" {
+  type        = list(string)
+  description = "A list of trusted domains for link protection. These domains will be added to the --link-protection-trusted-domains option."
+  default     = []
+}
+
 resource "coder_script" "code-server" {
   agent_id     = var.agent_id
   display_name = "code-server"
@@ -168,6 +174,7 @@ resource "coder_script" "code-server" {
     EXTENSIONS_DIR : var.extensions_dir,
     FOLDER : var.folder,
     AUTO_INSTALL_EXTENSIONS : var.auto_install_extensions,
+    TRUSTED_DOMAINS : join(",", var.trusted_domains),
   })
   run_on_start = true
 

diff --git a/registry/coder/modules/code-server/run.sh b/registry/coder/modules/code-server/run.sh
@@ -13,10 +13,16 @@ if [ -n "${EXTENSIONS_DIR}" ]; then
   mkdir -p "${EXTENSIONS_DIR}"
 fi
 
+# Set trusted domains argument
+TRUSTED_DOMAINS_ARG=""
+if [ -n "${TRUSTED_DOMAINS}" ]; then
+  TRUSTED_DOMAINS_ARG="--link-protection-trusted-domains=${TRUSTED_DOMAINS}"
+fi
+
 function run_code_server() {
   echo "👷 Running code-server in the background..."
   echo "Check logs at ${LOG_PATH}!"
-  $CODE_SERVER "$EXTENSION_ARG" --auth none --port "${PORT}" --app-name "${APP_NAME}" > "${LOG_PATH}" 2>&1 &
+  $CODE_SERVER $EXTENSION_ARG $TRUSTED_DOMAINS_ARG --auth none --port "${PORT}" --app-name "${APP_NAME}" > "${LOG_PATH}" 2>&1 &
 }
 
 # Check if the settings file exists...