Skip to content

fix: CSP and webview errors #5712

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 26, 2022
Merged

fix: CSP and webview errors #5712

merged 2 commits into from
Oct 26, 2022

Conversation

jsjoeio
Copy link
Contributor

@jsjoeio jsjoeio commented Oct 26, 2022
edited
Loading

Description

When we released 4.8.0, we were using the wrong hash in two HTML files causing various issues related to webviews. This fixes it.

Changes

  • fix: update hashes in webview patch
  • refactor: move parent-origin into webview

TODOs

  • add e2e test which uses Markdown preview
  • modify test-extension to use extension webview and add test

fixes #5711
fixes #5710
fixes #5708

@jsjoeio
fix: update hashes in webview patch
46b6672 
We missed a hash update and also had the wrong hash for another HTML
file which caused issues in 4.8.0.
@jsjoeio
refactor: move parent-origin into webview
a515ac4
@jsjoeio jsjoeio changed the title jsjoeio/fix hash fix: CSP and webview errors Oct 26, 2022
@jsjoeio jsjoeio self-assigned this Oct 26, 2022
@jsjoeio jsjoeio temporarily deployed to npm October 26, 2022 17:17 Inactive
@codecov
Copy link

codecov bot commented Oct 26, 2022

Codecov Report

Merging #5712 (a515ac4) into main (005fa87) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #5712   +/-   ##
=======================================
  Coverage   72.61%   72.61%           
=======================================
  Files          30       30           
  Lines        1680     1680           
  Branches      368      368           
=======================================
  Hits         1220     1220           
  Misses        397      397           
  Partials       63       63

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 005fa87...a515ac4. Read the comment docs.

@github-actions
Copy link

✨ code-server dev build published to npm for PR #5712!

  • Last publish status: success
  • Commit: a515ac4

To install in a local project, run:

npm install @coder/code-server-pr@5712

To install globally, run:

npm install -g @coder/code-server-pr@5712

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Oct 26, 2022

Decided we need to get this out ASAP so I will add tests later!

@jsjoeio jsjoeio marked this pull request as ready for review October 26, 2022 18:20
@jsjoeio jsjoeio requested a review from a team as a code owner October 26, 2022 18:20
@jsjoeio jsjoeio merged commit e6d2d72 into main Oct 26, 2022
@jsjoeio jsjoeio deleted the jsjoeio/fix-hash branch October 26, 2022 18:20
@jsjoeio
Copy link
Contributor Author

jsjoeio commented Oct 26, 2022

We will publish a release candidate with a fix shortly (probably within the next 3-4 hours)

@achalagarwal
Copy link

@jsjoeio how do I use the install script to install a pre-release version?

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Oct 27, 2022

Apologies, that should be documented somewhere. I believe passing --edge should work. https://github.com/coder/code-server/blob/main/install.sh#L35-L36

@jsjoeio jsjoeio mentioned this pull request Oct 27, 2022
Closed
@qjaden
Copy link

qjaden commented Sep 6, 2023

Apologies, that should be documented somewhere. I believe passing --edge should work. https://github.com/coder/code-server/blob/main/install.sh#L35-L36

code-server 4.16.1 94ef377 has the same error

@code-asher
Copy link
Member

Hmm I am not seeing an issue on 4.16.1 using Chromium. Are you able to consistently reproduce it?

@qjaden
Copy link

qjaden commented Sep 8, 2023

Hmm I am not seeing an issue on 4.16.1 using Chromium. Are you able to consistently reproduce it?

I can 100% reproduce this issue.

I used the same configuration as this issue (#6421).

@qjaden
Copy link

qjaden commented Sep 8, 2023

Hmm I am not seeing an issue on 4.16.1 using Chromium. Are you able to consistently reproduce it?

image

@code-asher
Copy link
Member

Thank you for the screenshot! Do you trigger this by opening a markdown preview or another way? I have tried a few things (markdown preview, web extension, extension readmes, Jupyter extension) but nothing triggers it for me so far.

Do you have any browser extensions installed? I wonder if there is one trying to inject a script.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@code-asher code-asher code-asher approved these changes

Assignees

@jsjoeio jsjoeio

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@jsjoeio @achalagarwal @qjaden @code-asher