// *****************************************************************************
// Copyright (C) 2021 Ericsson and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// http://www.eclipse.org/legal/epl-2.0.
//
// This Source Code may also be made available under the following Secondary
// Licenses when the conditions for such availability set forth in the Eclipse
// Public License v. 2.0 are satisfied: GNU General Public License, version 2
// with the GNU Classpath Exception which is available at
// https://www.gnu.org/software/classpath/license.html.
//
// SPDX-License-Identifier: EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0
// *****************************************************************************
import { BackendApplicationContribution } from '@theia/core/lib/node';
import { BackendApplicationConfigProvider } from '@theia/core/lib/node/backend-application-config-provider';
import { injectable } from '@theia/core/shared/inversify';
import { WebviewExternalEndpoint } from '../common/webview-protocol';
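/**
 * Backend contribution that prints a console warning at startup when the webview
 * host pattern has been overridden through the environment.
 *
 * The warning is skipped only when the backend application configuration sets
 * `warnOnPotentiallyInsecureHostPattern` to exactly `false`.
 */
@injectable()
export class WebviewBackendSecurityWarnings implements BackendApplicationContribution {

    /**
     * Starts the host pattern check without waiting for it to finish.
     *
     * `checkHostPattern` is async, so anything it throws arrives as a promise rejection.
     * The rejection is handled here and reported, so that a failed check is visible in
     * the log rather than surfacing as an unhandled promise rejection.
     */
    initialize(): void {
        this.checkHostPattern().catch((error: unknown) => {
            console.error('Failed to check the webview host pattern:', error);
        });
    }

    /**
     * Warns when the environment variable named by `WebviewExternalEndpoint.pattern`
     * is set to a non-empty value that differs from `WebviewExternalEndpoint.defaultPattern`.
     *
     * An unset or empty variable produces no warning, and neither does a value equal to
     * the default pattern.
     */
    protected async checkHostPattern(): Promise<void> {
        // Only an explicit `false` opts out; a missing or otherwise-valued setting keeps the warning on.
        if (BackendApplicationConfigProvider.get()['warnOnPotentiallyInsecureHostPattern'] === false) {
            return;
        }
        const envHostPattern = process.env[WebviewExternalEndpoint.pattern];
        if (envHostPattern && envHostPattern !== WebviewExternalEndpoint.defaultPattern) {
            // The configured value is echoed so an operator can see exactly which pattern is in effect.
            // The template body stays at column 0: any leading whitespace would become part of the message.
            console.warn(`\
WEBVIEW SECURITY WARNING
Changing the @theia/plugin-ext webview host pattern can lead to security vulnerabilities.
Current pattern: "${envHostPattern}"
Please read @theia/plugin-ext/README.md for more information.
`
            );
        }
    }
}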