Skip to content

Commit e6d2d72

Browse files
jsjoeiojsjoeio
authored
fix: CSP and webview errors (#5712)
* fix: update hashes in webview patch We missed a hash update and also had the wrong hash for another HTML file which caused issues in 4.8.0. * refactor: move parent-origin into webview
1 parent 005fa87 commit e6d2d72

File tree

2 files changed

+22
-25
lines changed

2 files changed

+22
-25
lines changed

patches/parent-origin.diff

-24
This file was deleted.

patches/webview.diff

+22-1
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,18 @@ Make sure to update the hash. To do so:
2525
2. open any webview (i.e. preview Markdown)
2626
3. see error in console and copy hash
2727

28+
That will test the hash change in pre/index.html
29+
30+
Double-check the console to make sure there are no console errors for the webWorkerExtensionHostIframe
31+
which also requires a hash change.
32+
33+
parentOriginHash changes
34+
35+
This fixes webviews from not working properly due to a change upstream.
36+
Upstream added a check to ensure parent authority is encoded into the webview
37+
origin. Since our webview origin is the parent authority, we can bypass this
38+
check.
39+
2840
Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
2941
===================================================================
3042
--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
@@ -54,6 +66,15 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
5466
===================================================================
5567
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
5668
+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
69+
@@ -5,7 +5,7 @@
70+
<meta charset="UTF-8">
71+
72+
<meta http-equiv="Content-Security-Policy"
73+
- content="default-src 'none'; script-src 'sha256-wwaDxsm1+SKIUb5YJXiZlYMyV7QPB8+zd6HPcTjigZs=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
74+
+ content="default-src 'none'; script-src 'sha256-IZkGO4jZeUn7pzM6pBZCZc9bUYm8oVNV3z8zEa8gxlk=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
75+
76+
<!-- Disable pinch zooming -->
77+
<meta name="viewport"
5778
@@ -331,6 +331,12 @@
5879

5980
const hostname = location.hostname;
@@ -93,7 +114,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWor
93114
default-src 'none';
94115
child-src 'self' data: blob:;
95116
- script-src 'self' 'unsafe-eval' 'sha256-/r7rqQ+yrxt57sxLuQ6AMYcy/lUpvAIzHjIJt/OeLWU=' https:;
96-
+ script-src 'self' 'unsafe-eval' 'sha256-wwaDxsm1+SKIUb5YJXiZlYMyV7QPB8+zd6HPcTjigZs=' https:;
117+
+ script-src 'self' 'unsafe-eval' 'sha256-TkIM/TmudlFEe0ZRp0ptvN54LClwk30Rql4ZPE0hm/I=' https:;
97118
connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
98119
</head>
99120
<body>

0 commit comments

Comments
 (0)