Merge branch 'main' into v4.3.0
This commit is contained in:
commit
674382fb7f
@ -6,6 +6,17 @@ self-hosted.
|
||||
When doing this CSP will block resources (for example when viewing images) so
|
||||
add 'self' to the CSP to fix that.
|
||||
|
||||
Additionally the service worker defaults to handling *all* requests made to the
|
||||
current host but when self-hosting the webview this will end up including the
|
||||
webview HTML itself which means these requests will fail since the communication
|
||||
channel between the webview and the main thread has not been set up yet as the
|
||||
webview itself is not ready yet (it has no HTML and therefore no script either).
|
||||
Since this code exists only for the authentication case we can just skip it when
|
||||
it is served from the current host as authentication is not a problem if the
|
||||
request is not cross-origin.
|
||||
|
||||
To test, open a few types of webviews (images, markdown, extension details, etc).
|
||||
|
||||
Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
|
||||
===================================================================
|
||||
--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
|
||||
@ -44,3 +55,22 @@ Index: code-server/lib/vscode/src/vs/workbench/common/webview.ts
|
||||
|
||||
/**
|
||||
* Construct a uri that can load resources inside a webview
|
||||
Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
|
||||
===================================================================
|
||||
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
|
||||
+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
|
||||
@@ -188,9 +188,11 @@ sw.addEventListener('fetch', (event) =>
|
||||
}
|
||||
}
|
||||
|
||||
- // If we're making a request against the remote authority, we want to go
|
||||
- // back through VS Code itself so that we are authenticated properly
|
||||
- if (requestUrl.host === remoteAuthority) {
|
||||
+ // If we're making a request against the remote authority, we want to go back
|
||||
+ // through VS Code itself so that we are authenticated properly. If the
|
||||
+ // service worker is hosted on the same origin we will have cookies and
|
||||
+ // authentication will not be an issue.
|
||||
+ if (requestUrl.origin !== sw.origin && requestUrl.host === remoteAuthority) {
|
||||
switch (event.request.method) {
|
||||
case 'GET':
|
||||
case 'HEAD':
|
||||
|
Reference in New Issue
Block a user