Replace config.responses_originator_header_internal_override with CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR (#3388)

The previous config approach had a few issues: 1. It is part of the config but not designed to be used externally 2. It had to be wired through many places (look at the +/- on this PR 3. It wasn't guaranteed to be set consistently everywhere because we don't have a super well defined way that configs stack. For example, the extension would configure during newConversation but anything that happened outside of that (like login) wouldn't get it. This env var approach is cleaner and also creates one less thing we have to deal with when coming up with a better holistic story around configs. One downside is that I removed the unit test testing for the override because I don't want to deal with setting the global env or spawning child processes and figuring out how to introspect their originator header. The new code is sufficiently simple and I tested it e2e that I feel as if this is still worth it.
2025-09-09 14:23:23 -07:00
parent f656e192bf
commit 5eab4c7ab4
20 changed files with 92 additions and 206 deletions
--- a/codex-rs/login/src/server.rs
+++ b/codex-rs/login/src/server.rs
@@ -16,6 +16,7 @@ use base64::Engine;
 use chrono::Utc;
 use codex_core::auth::AuthDotJson;
 use codex_core::auth::get_auth_file;
+use codex_core::default_client::ORIGINATOR;
 use codex_core::token_data::TokenData;
 use codex_core::token_data::parse_id_token;
 use rand::RngCore;
@@ -35,11 +36,10 @@ pub struct ServerOptions {
    pub port: u16,
    pub open_browser: bool,
    pub force_state: Option<String>,
-    pub originator: String,
 }

 impl ServerOptions {
-    pub fn new(codex_home: PathBuf, client_id: String, originator: String) -> Self {
+    pub fn new(codex_home: PathBuf, client_id: String) -> Self {
        Self {
            codex_home,
            client_id: client_id.to_string(),
@@ -47,7 +47,6 @@ impl ServerOptions {
            port: DEFAULT_PORT,
            open_browser: true,
            force_state: None,
-            originator,
        }
    }
 }
@@ -103,14 +102,7 @@ pub fn run_login_server(opts: ServerOptions) -> io::Result<LoginServer> {
    let server = Arc::new(server);

    let redirect_uri = format!("http://localhost:{actual_port}/auth/callback");
-    let auth_url = build_authorize_url(
-        &opts.issuer,
-        &opts.client_id,
-        &redirect_uri,
-        &pkce,
-        &state,
-        &opts.originator,
-    );
+    let auth_url = build_authorize_url(&opts.issuer, &opts.client_id, &redirect_uri, &pkce, &state);

    if opts.open_browser {
        let _ = webbrowser::open(&auth_url);
@@ -311,7 +303,6 @@ fn build_authorize_url(
    redirect_uri: &str,
    pkce: &PkceCodes,
    state: &str,
-    originator: &str,
 ) -> String {
    let query = vec![
        ("response_type", "code"),
@@ -323,7 +314,7 @@ fn build_authorize_url(
        ("id_token_add_organizations", "true"),
        ("codex_cli_simplified_flow", "true"),
        ("state", state),
-        ("originator", originator),
+        ("originator", ORIGINATOR.value.as_str()),
    ];
    let qs = query
        .into_iter()