Skip to content

Commit fc08fa6

Browse files
code-ashercode-asher
committed
fixup! chore: update Code to 1.68
1 parent e939f29 commit fc08fa6

File tree

1 file changed

+34
-2
lines changed

1 file changed

+34
-2
lines changed

patches/webview.diff

+34-2
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
5555

5656
+ // It is safe to run if we are on the same host.
5757
+ const parent = new URL(parentOrigin)
58-
+ if (parent.hostname === location.hostname) {
58+
+ if (parent.hostname === hostname) {
5959
+ return start(parentOrigin)
6060
+ }
6161
+
@@ -72,10 +72,42 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
7272

7373
+ // It is safe to run if we are on the same host.
7474
+ const parent = new URL(parentOrigin)
75-
+ if (parent.hostname === location.hostname) {
75+
+ if (parent.hostname === hostname) {
7676
+ return start(parentOrigin)
7777
+ }
7878
+
7979
if (!crypto.subtle) {
8080
// cannot validate, not running in a secure context
8181
throw new Error(`Cannot validate in current context!`);
82+
Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
83+
===================================================================
84+
--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
85+
+++ code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
86+
@@ -4,7 +4,7 @@
87+
<meta http-equiv="Content-Security-Policy" content="
88+
default-src 'none';
89+
child-src 'self' data: blob:;
90+
- script-src 'self' 'unsafe-eval' 'sha256-fh3TwPMflhsEIpR8g1OYTIMVWhXTLcjQ9kh2tIpmv54=' https:;
91+
+ script-src 'self' 'unsafe-eval' 'unsafe-inline' https:;
92+
connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
93+
</head>
94+
<body>
95+
@@ -19,10 +19,18 @@
96+
(async function() {
97+
const hostnameValidationMarker = 'v--';
98+
const hostname = location.hostname;
99+
+ console.log(hostname)
100+
if (!hostname.startsWith(hostnameValidationMarker)) {
101+
// validation not requested
102+
return start();
103+
}
104+
+
105+
+ // It is safe to run if we are on the same host.
106+
+ const parent = new URL(parentOrigin)
107+
+ if (parent.hostname === hostname) {
108+
+ return start()
109+
+ }
110+
+
111+
if (!crypto.subtle) {
112+
// cannot validate, not running in a secure context
113+
return sendError(new Error(`Cannot validate in current context!`));

0 commit comments

Comments
 (0)