Skip to content

Commit cd6769d

Browse files
code-ashercode-asher
committed
fixup! chore: update Code to 1.68
1 parent e939f29 commit cd6769d

File tree

1 file changed

+29
-2
lines changed

1 file changed

+29
-2
lines changed

patches/webview.diff

+29-2
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
5555

5656
+ // It is safe to run if we are on the same host.
5757
+ const parent = new URL(parentOrigin)
58-
+ if (parent.hostname === location.hostname) {
58+
+ if (parent.hostname === hostname) {
5959
+ return start(parentOrigin)
6060
+ }
6161
+
@@ -72,10 +72,37 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
7272

7373
+ // It is safe to run if we are on the same host.
7474
+ const parent = new URL(parentOrigin)
75-
+ if (parent.hostname === location.hostname) {
75+
+ if (parent.hostname === hostname) {
7676
+ return start(parentOrigin)
7777
+ }
7878
+
7979
if (!crypto.subtle) {
8080
// cannot validate, not running in a secure context
8181
throw new Error(`Cannot validate in current context!`);
82+
Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
83+
===================================================================
84+
--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
85+
+++ code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
86+
@@ -4,7 +4,7 @@
87+
<meta http-equiv="Content-Security-Policy" content="
88+
default-src 'none';
89+
child-src 'self' data: blob:;
90+
- script-src 'self' 'unsafe-eval' 'sha256-fh3TwPMflhsEIpR8g1OYTIMVWhXTLcjQ9kh2tIpmv54=' https:;
91+
+ script-src 'self' 'unsafe-eval' 'unsafe-inline' https:;
92+
connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
93+
</head>
94+
<body>
95+
@@ -23,6 +23,13 @@
96+
// validation not requested
97+
return start();
98+
}
99+
+
100+
+ // It is safe to run if we are on the same host.
101+
+ const parent = new URL(parentOrigin)
102+
+ if (parent.hostname === hostname) {
103+
+ return start()
104+
+ }
105+
+
106+
if (!crypto.subtle) {
107+
// cannot validate, not running in a secure context
108+
return sendError(new Error(`Cannot validate in current context!`));

0 commit comments

Comments
 (0)