diff --git a/patches/webview.diff b/patches/webview.diff index a46901141..a4506b03b 100644 --- a/patches/webview.diff +++ b/patches/webview.diff @@ -6,6 +6,17 @@ self-hosted. When doing this CSP will block resources (for example when viewing images) so add 'self' to the CSP to fix that. +Additionally the service worker defaults to handling *all* requests made to the +current host but when self-hosting the webview this will end up including the +webview HTML itself which means these requests will fail since the communication +channel between the webview and the main thread has not been set up yet as the +webview itself is not ready yet (it has no HTML and therefore no script either). +Since this code exists only for the authentication case we can just skip it when +it is served from the current host as authentication is not a problem if the +request is not cross-origin. + +To test, open a few types of webviews (images, markdown, extension details, etc). + Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts =================================================================== --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts @@ -44,3 +55,22 @@ Index: code-server/lib/vscode/src/vs/workbench/common/webview.ts /** * Construct a uri that can load resources inside a webview +Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js +=================================================================== +--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js ++++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js +@@ -188,9 +188,11 @@ sw.addEventListener('fetch', (event) => + } + } + +- // If we're making a request against the remote authority, we want to go +- // back through VS Code itself so that we are authenticated properly +- if (requestUrl.host === remoteAuthority) { ++ // If we're making a request against the remote authority, we want to go back ++ // through VS Code itself so that we are authenticated properly. If the ++ // service worker is hosted on the same origin we will have cookies and ++ // authentication will not be an issue. ++ if (requestUrl.origin !== sw.origin && requestUrl.host === remoteAuthority) { + switch (event.request.method) { + case 'GET': + case 'HEAD':