From 46b667271cbc3658150b326864f11f4d3c18e906 Mon Sep 17 00:00:00 2001
From: Joe Previte <jjprevite@gmail.com>
Date: Wed, 26 Oct 2022 10:02:52 -0700
Subject: [PATCH 1/2] fix: update hashes in webview patch

We missed a hash update and also had the wrong hash for another HTML
file which caused issues in 4.8.0.
---
 patches/webview.diff | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/patches/webview.diff b/patches/webview.diff
index 49af19cb8612..a176eb190b63 100644
--- a/patches/webview.diff
+++ b/patches/webview.diff
@@ -25,6 +25,11 @@ Make sure to update the hash. To do so:
 2. open any webview (i.e. preview Markdown)
 3. see error in console and copy hash
 
+That will test the hash change in pre/index.html
+
+Double-check the console to make sure there are no console errors for the webWorkerExtensionHostIframe
+which also requires a hash change.
+
 Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
@@ -54,6 +59,15 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
 +++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
+@@ -5,7 +5,7 @@
+ 	<meta charset="UTF-8">
+ 
+ 	<meta http-equiv="Content-Security-Policy"
+-		content="default-src 'none'; script-src 'sha256-wwaDxsm1+SKIUb5YJXiZlYMyV7QPB8+zd6HPcTjigZs=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
++		content="default-src 'none'; script-src 'sha256-IZkGO4jZeUn7pzM6pBZCZc9bUYm8oVNV3z8zEa8gxlk=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+ 
+ 	<!-- Disable pinch zooming -->
+ 	<meta name="viewport"
 @@ -331,6 +331,12 @@
  
  				const hostname = location.hostname;
@@ -93,7 +107,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWor
  			default-src 'none';
  			child-src 'self' data: blob:;
 -			script-src 'self' 'unsafe-eval' 'sha256-/r7rqQ+yrxt57sxLuQ6AMYcy/lUpvAIzHjIJt/OeLWU=' https:;
-+			script-src 'self' 'unsafe-eval' 'sha256-wwaDxsm1+SKIUb5YJXiZlYMyV7QPB8+zd6HPcTjigZs=' https:;
++			script-src 'self' 'unsafe-eval' 'sha256-TkIM/TmudlFEe0ZRp0ptvN54LClwk30Rql4ZPE0hm/I=' https:;
  			connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
  	</head>
  	<body>

From a515ac4d6d484bb7d13547414981bb19300d3722 Mon Sep 17 00:00:00 2001
From: Joe Previte <jjprevite@gmail.com>
Date: Wed, 26 Oct 2022 10:06:00 -0700
Subject: [PATCH 2/2] refactor: move parent-origin into webview

---
 patches/parent-origin.diff | 24 ------------------------
 patches/webview.diff       |  7 +++++++
 2 files changed, 7 insertions(+), 24 deletions(-)
 delete mode 100644 patches/parent-origin.diff

diff --git a/patches/parent-origin.diff b/patches/parent-origin.diff
deleted file mode 100644
index e49382483e6e..000000000000
--- a/patches/parent-origin.diff
+++ /dev/null
@@ -1,24 +0,0 @@
-Remove parentOriginHash checko
-
-This fixes webviews from not working properly due to a change upstream.
-Upstream added a check to ensure parent authority is encoded into the webview
-origin. Since our webview origin is the parent authority, we can bypass this
-check.
-
-Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-===================================================================
---- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-@@ -317,6 +317,12 @@ const hostMessaging = new class HostMess
- 		const id = searchParams.get('id');
- 
- 		const hostname = location.hostname;
-+
-+		// It is safe to run if we are on the same host.
-+		const parent = new URL(parentOrigin)
-+		if (parent.hostname == location.hostname) {
-+			return start(parentOrigin)
-+		}
- 
- 		if (!crypto.subtle) {
- 			// cannot validate, not running in a secure context
diff --git a/patches/webview.diff b/patches/webview.diff
index a176eb190b63..0e03b2581fcb 100644
--- a/patches/webview.diff
+++ b/patches/webview.diff
@@ -30,6 +30,13 @@ That will test the hash change in pre/index.html
 Double-check the console to make sure there are no console errors for the webWorkerExtensionHostIframe
 which also requires a hash change.
 
+parentOriginHash changes
+
+This fixes webviews from not working properly due to a change upstream.
+Upstream added a check to ensure parent authority is encoded into the webview
+origin. Since our webview origin is the parent authority, we can bypass this
+check.
+
 Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts