From e6d2d72f9c96d4186912e078af8203055136f590 Mon Sep 17 00:00:00 2001
From: Joe Previte
Date: Wed, 26 Oct 2022 11:20:11 -0700
Subject: [PATCH] fix: CSP and webview errors (#5712) * fix: update hashes in webview patch We missed a hash update and also had the wrong hash for another HTML file which caused issues in 4.8.0. * refactor: move parent-origin into webview
---
patches/parent-origin.diff | 24 ------------------------
patches/webview.diff | 23 ++++++++++++++++++++++-
2 files changed, 22 insertions(+), 25 deletions(-)
delete mode 100644 patches/parent-origin.diff
diff --git a/patches/parent-origin.diff b/patches/parent-origin.diff
deleted file mode 100644
index e49382483..000000000
--- a/patches/parent-origin.diff
+++ /dev/null
@@ -1,24 +0,0 @@
-Remove parentOriginHash checko
-
-This fixes webviews from not working properly due to a change upstream.
-Upstream added a check to ensure parent authority is encoded into the webview
-origin. Since our webview origin is the parent authority, we can bypass this
-check.
-
-Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-@@ -317,6 +317,12 @@ const hostMessaging = new class HostMess
- const id = searchParams.get('id');
-
- const hostname = location.hostname;
-+
-+ // It is safe to run if we are on the same host.
-+ const parent = new URL(parentOrigin)
-+ if (parent.hostname == location.hostname) {
-+ return start(parentOrigin)
-+ }
-
- if (!crypto.subtle) {
- // cannot validate, not running in a secure context
diff --git a/patches/webview.diff b/patches/webview.diff
index 49af19cb8..0e03b2581 100644
--- a/patches/webview.diff
+++ b/patches/webview.diff
@@ -25,6 +25,18 @@ Make sure to update the hash. To do so: 2. open any webview (i.e. preview Markdown) 3. see error in console and copy hash +That will test the hash change in pre/index.html + +Double-check the console to make sure there are no console errors for the webWorkerExtensionHostIframe +which also requires a hash change. + +parentOriginHash changes + +This fixes webviews from not working properly due to a change upstream. +Upstream added a check to ensure parent authority is encoded into the webview +origin. Since our webview origin is the parent authority, we can bypass this +check. + Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts =================================================================== --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts @@ -54,6 +66,15 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index =================================================================== --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html +++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html +@@ -5,7 +5,7 @@ + + + ++ content="default-src 'none'; script-src 'sha256-IZkGO4jZeUn7pzM6pBZCZc9bUYm8oVNV3z8zEa8gxlk=' 'self'; frame-src 'self'; style-src 'unsafe-inline';"> + + +
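Review bot: The parentOriginHash paragraph added in the first hunk (`@@ -25,6 +25,18 @@`) says the upstream parent-origin check can be bypassed but never states the condition the bypass depends on. The deleted patches/parent-origin.diff skipped validation when `parent.hostname == location.hostname`, which compares the hostname only and not scheme or port; the main.js hunk is not visible here, so this assumes the code moved unchanged. I would add a line to the header such as `The check is skipped only when the parent hostname equals the webview hostname; scheme and port are not compared.` so the next rebase against upstream re-evaluates that assumption. The hash steps also mention webWorkerExtensionHostIframe without naming the file whose CSP hash must change; giving its path next to pre/index.html would let the second hash be checked the same way.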