Skip to content

Commit

Permalink
disable CSP on root from sources as on regular workspace
Browse files Browse the repository at this point in the history
  • Loading branch information
@akosyakov @jeanp413
akosyakov authored and jeanp413 committed Mar 8, 2023
1 parent 5666c68 commit 5f8dda9
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/vs/server/node/webClientServer.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -361,6 +361,10 @@ export class WebClientServer {
'Content-Type': 'text/html',
'Content-Security-Policy': this._environmentService.isBuilt ? cspDirectives : allowAllCSP
};
//#region Gitpod - to truly allow all CSP as on regular workspace, otherwise frame-src * does not allow arbitrary custom schemes like vscode:, vscode-insiders: or jetbrains-gateway:
// reconsider to enable CSP on regular workspaces as well instead, not sure how to deal with an arbitrary customer scheme though
delete headers['Content-Security-Policy'];
//#endregion
if (this._connectionToken.type !== ServerConnectionTokenType.None) {
// At this point we know the client has a valid cookie
// and we want to set it prolong it to ensure that this
Expand Down

0 comments on commit 5f8dda9

Please sign in to comment.