Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Theia WebViews more secure #15616

Closed
azatsarynnyy opened this issue Jan 8, 2020 · 1 comment · Fixed by eclipse-che/che-theia#591
Closed

Make Theia WebViews more secure #15616

azatsarynnyy opened this issue Jan 8, 2020 · 1 comment · Fixed by eclipse-che/che-theia#591
Assignees
@azatsarynnyy
Labels
area/editor/theia Issues related to the che-theia IDE of Che kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system.

Comments

@azatsarynnyy
Copy link
Member

At the moment, Theia WebViews are on the same origin as Theia editor. That's not secure as WebViews have access to the Theia page and some plugin can break Theia.

Theia WebViews should have a separate origin to be isolated from Theia page.
@azatsarynnyy azatsarynnyy added kind/enhancement A feature request - must adhere to the feature request template. team/editors area/editor/theia Issues related to the che-theia IDE of Che labels Jan 8, 2020
@azatsarynnyy azatsarynnyy self-assigned this Jan 8, 2020
@azatsarynnyy
Copy link
Member Author

The related draft PRs to track:

This was referenced Jan 8, 2020
Closed
Merged
Closed
@benoitf benoitf added the severity/P1 Has a major impact to usage or development of the system. label Jan 8, 2020
@azatsarynnyy azatsarynnyy mentioned this issue Feb 3, 2020
Closed
20 tasks
@johnmcollier johnmcollier mentioned this issue Feb 13, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@azatsarynnyy azatsarynnyy

Labels
area/editor/theia Issues related to the che-theia IDE of Che kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use a dedicated server as webview domain eclipse-che/che-theia
2 participants
@benoitf @azatsarynnyy