Merge branch 'main' into v4.3.0

This commit is contained in:
Joe Previte 2022-04-14 11:03:14 -07:00 committed by GitHub
commit 674382fb7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 0 deletions

View File

@ -6,6 +6,17 @@ self-hosted.
When doing this CSP will block resources (for example when viewing images) so
add 'self' to the CSP to fix that.
Additionally the service worker defaults to handling *all* requests made to the
current host but when self-hosting the webview this will end up including the
webview HTML itself which means these requests will fail since the communication
channel between the webview and the main thread has not been set up yet as the
webview itself is not ready yet (it has no HTML and therefore no script either).
Since this code exists only for the authentication case we can just skip it when
it is served from the current host as authentication is not a problem if the
request is not cross-origin.
To test, open a few types of webviews (images, markdown, extension details, etc).
Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
@ -44,3 +55,22 @@ Index: code-server/lib/vscode/src/vs/workbench/common/webview.ts
/**
* Construct a uri that can load resources inside a webview
Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
@@ -188,9 +188,11 @@ sw.addEventListener('fetch', (event) =>
}
}
- // If we're making a request against the remote authority, we want to go
- // back through VS Code itself so that we are authenticated properly
- if (requestUrl.host === remoteAuthority) {
+ // If we're making a request against the remote authority, we want to go back
+ // through VS Code itself so that we are authenticated properly. If the
+ // service worker is hosted on the same origin we will have cookies and
+ // authentication will not be an issue.
+ if (requestUrl.origin !== sw.origin && requestUrl.host === remoteAuthority) {
switch (event.request.method) {
case 'GET':
case 'HEAD':