Skip to content

Commit 95b09ef

Browse files
code-ashercode-asher
committed
Fix webviews in a different way
I think this is more true to the spirit of the code (it is trying to authenticate cross-origin requests so if it is not cross-origin we can skip it).
1 parent 4f71c0e commit 95b09ef

File tree

1 file changed

+13
-11
lines changed

1 file changed

+13
-11
lines changed

patches/webview.diff

Lines changed: 13 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,14 @@ self-hosted.
66
When doing this CSP will block resources (for example when viewing images) so
77
add 'self' to the CSP to fix that.
88

9-
Additionally the service worker defaults to always trying to handle any requests
10-
made to the current host but this will include the webview HTML itself which
11-
means these requests will fail since the communication channel between the
12-
webview and the main thread has not been set up yet so patch the service worker
13-
to skip handling requests for other webview assets.
9+
Additionally the service worker defaults to handling *all* requests made to the
10+
current host but when self-hosting the webview this will end up including the
11+
webview HTML itself which means these requests will fail since the communication
12+
channel between the webview and the main thread has not been set up yet as the
13+
webview itself is not ready yet (it has no HTML and therefore no script either).
14+
Since this code exists only for the authentication case we can just skip it when
15+
it is served from the current host as authentication is not a problem if the
16+
request is not cross-origin.
1417

1518
To test, open a few types of webviews (images, markdown, extension details, etc).
1619

@@ -56,19 +59,18 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/servi
5659
===================================================================
5760
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
5861
+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
59-
@@ -188,9 +188,12 @@ sw.addEventListener('fetch', (event) =>
62+
@@ -188,9 +188,11 @@ sw.addEventListener('fetch', (event) =>
6063
}
6164
}
6265

6366
- // If we're making a request against the remote authority, we want to go
6467
- // back through VS Code itself so that we are authenticated properly
6568
- if (requestUrl.host === remoteAuthority) {
6669
+ // If we're making a request against the remote authority, we want to go back
67-
+ // through VS Code itself so that we are authenticated properly. Requests to
68-
+ // other static assets in this directory (like the iframe HTML) must be
69-
+ // fetched normally since there will not yet be a communication channel set up
70-
+ // to retrieve them (they do not require authentication anyway).
71-
+ if (requestUrl.host === remoteAuthority && !requestUrl.pathname.startsWith(rootPath)) {
70+
+ // through VS Code itself so that we are authenticated properly. If the
71+
+ // service worker is hosted on the same origin we will have cookies and
72+
+ // authentication will not be an issue.
73+
+ if (requestUrl.origin !== sw.origin && requestUrl.host === remoteAuthority) {
7274
switch (event.request.method) {
7375
case 'GET':
7476
case 'HEAD':

0 commit comments

Comments
 (0)