Add option for disabling file downloads #2426
Comments
|
That looks right to me! We may also want to modify the HTTP
static endpoint that lets you access files outside the code-server
directory.
|
|
I confirmed two sections mentioned above will disable the download option :) I was also able to modify the static endpoint, I believe we'll want to use something similar to this check to ensure the user can't but I assume there is probably a better way to whitelist requests from code-server? Any ideas what headers we should be looking for? Also, I've added the flag |
|
How to ban downloading files now? |
I think an easy way for you to check for |
|
Yeah, I'd love to do it as both (code-server handles most options like this), but I haven't been able to find an example of it implemented somewhere like |
|
We'll need to add the option to the the Args interface in ipc.d.ts.
That'll let us use `options.args["disable-download"]` in
`lib/vscode/src/vs/server/node/server.ts`.
In that file we can add the disable download option to the workbench web
configuration (including to the interface) so it gets to the browser in
the same way as the home indicator option.
From there I think it'd make the most sense to use a context key to
enable/disable the download options.
We can add and export a context key in
`lib/vscode/src/vs/workbench/browser/contextkeys.ts`. We should be able
access the value of the flag we passed via the workbench web
configuration with `environmentService.options["disable-download"]`.
|
|
@jsjoeio Will there be an option to disable file uploads as well ? Example:- To disable people uploading their own .vsix file and installing them manually. |
|
I think we could definitely consider it! If it's a global thing, like download scenario, then it might be possible to implement here as well.
For that specific use case, we could potentially add that. It might help if you could expand on your use case (then we can see if it fits in this issue or should be a separate issue). |
Thanks @jsjoeio. Yes, a global disable upload option would be awesome. The use case is similar to the original requester's disable download request. For Eg:- use cases where we want to disable certain users from uploading files to the code-server (running on Docker) so that they can only operate on the files and items preloaded into the container and nothing external can be uploaded (or downloaded) |
|
Ahh okay. Thank you for elaborating! Sounds very similar in which case we can keep here in this issue :) |
|
Hi everyone, currently can i use these options ? |
|
No, these have not been implemented yet.
|
|
Looking forward to this feature |
|
Looking forward to this feature which is can be use for external developer. intergrate LDAP login and code on web. no leak code. hopeful anyone improve about that |
|
[sc-16496] |
|
Seems like all we need to do is:
Might be worth looking into writing e2e tests. Without CLI flag, should show Download File in menu. |
Being able to easily download might be an issue in some situations. See some comments on #1386.
Maybe it also makes sense to prevent the HTTP server from serving these files as well so you can't just
curlthem.The text was updated successfully, but these errors were encountered: