-
Notifications
You must be signed in to change notification settings - Fork 28.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Do you trust the authors of the files in this folder is shown" unnecessarily #126310
Comments
This huge warning and cognitive break is shown regardless of whether it is necessary or not. Instead the huge modal warning should only be shown when there is an actual decision that needs to be made. |
Today I opened a CSV file in a new window and got blasted by this huge warning. I can't imagine any scenario where a CSV file, regardless of whether I trust it or not should be "executing files in this folder". |
I know that people coming from Microsoft Word / Excel might be used to huge modal "do you trust" / "content disabled" warnings. But these always just illustrate a failure in the Word / Excel program security model. |
@fulldecent, we have a settings that you can use to control the workspace trust feature:
|
To spell it out, here are my expectations for VS Code and this issue highlights apparent violation of these expectations. (If VS Code violates these expectations in another way, that is out of scope for this issue.)
Therefore, when I see a broad opt-in like the above immediately upon opening a project folder, it shows a violation of these expectations. These violations lead me to believe:
Other people may not care as much as me to spell out these concerns but they as well do deserve to be looked after. We should make software that empowers everybody. This is why changing my settings and leaving the default as dangerous/confusing for everybody else not good. |
Workspace Trust should be an opt-in feature. That, or smart enough that I don't have to confirm to it that I do in fact trust myself - the sole author of any given workspace on this machine. Defaulting to popping such a general warning for every distinct workspace - regardless of its actual ability to cause undesired behavior through poorly-defined In fact, I'd argue that VS Code is painting itself as the proverbial red button by adding this behavior. Prior to this update, I was reasonably confident that my IDE and workspaces would only do what they were setup to do; this simplicity is why I use VS Code in the first place, rather than huge IDEs like regular VS. To extend the point made by @fulldecent, Windows UAC is the obvious parallel to this new feature, existing for the sake of warning potentially-uneducated users about the scope of permissions available to the programs they're running. |
Also, I learned that if you do not click TRUST, the glowing, requested blue button then you will get the popup every time you open the folder. It's just like YouTube: DO YOU WANT TO BUY NOW??? 😄 YES -or- 😢 ask tomorrow |
@fulldecent, could you please provide repro steps for this, as this should not be the case. Thank you! |
I don't have full repro minification. But here is at least a visual on what I'm seeing. |
@fulldecent, thank you very much for the recording. Based on your recording I have been able to reproduce the problem and I have filed a separate issue to track it - #127223. The issue here is that it looks like the built-in PHP extension does support "restricted mode" but it excessively requests for workspace trust. |
@fulldecent, issue #127223 has been fixed in the latest Insiders release and will be included in the next Stable release. |
To follow up here, I've devised a workaround to OP's issue that - so far - appears to work perfectly.
Provided that you follow these steps to the letter, you should be left with a functional IDE that:
Overall, it does exactly what I need, and I'm left asking myself why I didn't apply such a workaround years ago. Hopefully this can be of help to others in a similar situation 👍 |
Thanks for all the feedback. We take all of the feedback into consideration as we try to improve this feature. You can see more information about our development process in this recent blog post https://code.visualstudio.com/blogs/2021/07/06/workspace-trust. |
Issue Type: Bug
TEST CASE
Open anything
EXPECTED
Peace
ACTUAL
Discomfort
VS Code version: Code 1.57.0 (Universal) (b4c1bd0, 2021-06-09T17:22:31.215Z)
OS version: Darwin arm64 20.5.0
Restricted Mode: No
System Info
gpu_compositing: enabled
metal: disabled_off
multiple_raster_threads: enabled_on
oop_rasterization: enabled
opengl: enabled_on
rasterization: enabled
skia_renderer: disabled_off_ok
video_decode: enabled
webgl: enabled
webgl2: enabled
Extensions (24)
The text was updated successfully, but these errors were encountered: