mirror of
https://github.com/danog/code-server.git
synced 2024-11-26 20:34:56 +01:00
b62a68ac37
Code added in 1.65.0 broke webviews when you are hosting them from the same domain.
77 lines
4.2 KiB
Diff
77 lines
4.2 KiB
Diff
Serve webviews from the same origin
|
|
|
|
Normally webviews are served from vscode-webview.net but we would rather them be
|
|
self-hosted.
|
|
|
|
When doing this CSP will block resources (for example when viewing images) so
|
|
add 'self' to the CSP to fix that.
|
|
|
|
Additionally the service worker defaults to handling *all* requests made to the
|
|
current host but when self-hosting the webview this will end up including the
|
|
webview HTML itself which means these requests will fail since the communication
|
|
channel between the webview and the main thread has not been set up yet as the
|
|
webview itself is not ready yet (it has no HTML and therefore no script either).
|
|
Since this code exists only for the authentication case we can just skip it when
|
|
it is served from the current host as authentication is not a problem if the
|
|
request is not cross-origin.
|
|
|
|
To test, open a few types of webviews (images, markdown, extension details, etc).
|
|
|
|
Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
|
|
===================================================================
|
|
--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
|
|
+++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
|
|
@@ -176,7 +176,7 @@ export class BrowserWorkbenchEnvironment
|
|
|
|
@memoize
|
|
get webviewExternalEndpoint(): string {
|
|
- const endpoint = this.options.webviewEndpoint
|
|
+ const endpoint = (this.options.webviewEndpoint && new URL(this.options.webviewEndpoint, window.location.toString()).toString())
|
|
|| this.productService.webviewContentExternalBaseUrlTemplate
|
|
|| 'https://{{uuid}}.vscode-webview.net/{{quality}}/{{commit}}/out/vs/workbench/contrib/webview/browser/pre/';
|
|
|
|
Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
|
|
===================================================================
|
|
--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
|
|
+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
|
|
@@ -280,6 +280,7 @@ export class WebClientServer {
|
|
const data = (await util.promisify(fs.readFile)(filePath)).toString()
|
|
.replace('{{WORKBENCH_WEB_CONFIGURATION}}', escapeAttribute(JSON.stringify({
|
|
remoteAuthority,
|
|
+ webviewEndpoint: vscodeBase + '/static/out/vs/workbench/contrib/webview/browser/pre',
|
|
_wrapWebWorkerExtHostInIframe,
|
|
developmentOptions: { enableSmokeTestDriver: this._environmentService.driverHandle === 'web' ? true : undefined },
|
|
settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
|
|
Index: code-server/lib/vscode/src/vs/workbench/common/webview.ts
|
|
===================================================================
|
|
--- code-server.orig/lib/vscode/src/vs/workbench/common/webview.ts
|
|
+++ code-server/lib/vscode/src/vs/workbench/common/webview.ts
|
|
@@ -24,7 +24,7 @@ export const webviewResourceBaseHost = '
|
|
|
|
export const webviewRootResourceAuthority = `vscode-resource.${webviewResourceBaseHost}`;
|
|
|
|
-export const webviewGenericCspSource = `https://*.${webviewResourceBaseHost}`;
|
|
+export const webviewGenericCspSource = `'self' https://*.${webviewResourceBaseHost}`;
|
|
|
|
/**
|
|
* Construct a uri that can load resources inside a webview
|
|
Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
|
|
===================================================================
|
|
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
|
|
+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
|
|
@@ -188,9 +188,11 @@ sw.addEventListener('fetch', (event) =>
|
|
}
|
|
}
|
|
|
|
- // If we're making a request against the remote authority, we want to go
|
|
- // back through VS Code itself so that we are authenticated properly
|
|
- if (requestUrl.host === remoteAuthority) {
|
|
+ // If we're making a request against the remote authority, we want to go back
|
|
+ // through VS Code itself so that we are authenticated properly. If the
|
|
+ // service worker is hosted on the same origin we will have cookies and
|
|
+ // authentication will not be an issue.
|
|
+ if (requestUrl.origin !== sw.origin && requestUrl.host === remoteAuthority) {
|
|
switch (event.request.method) {
|
|
case 'GET':
|
|
case 'HEAD':
|