I noticed that the javascript and typescript extensions both make requests to schemastore.org port 80. I realize this isn't the most sensitive piece of data, but as a security-aware user, I would prefer external HTTP requests to actually be HTTPS :)
Doing a little research, I came across SchemaStore/schemastore#12 which involved some discussion about making secure requests for these files.
I've got a commit handy that changes the URLs to use the pattern, which allows Code to make these requests over HTTPS.
- VSCode Version: 1.19.1
- OS Version: All
Steps to Reproduce:
- Install a network monitor tool (e.g. Little Snitch on MacOS)
- Launch VS Code
- After a few moments, the network monitor will report a request to schemastore.org:80
Reproduces without extensions: No
I noticed that the javascript and typescript extensions both make requests to schemastore.org port 80. I realize this isn't the most sensitive piece of data, but as a security-aware user, I would prefer external HTTP requests to actually be HTTPS :)
Doing a little research, I came across SchemaStore/schemastore#12 which involved some discussion about making secure requests for these files.
I've got a commit handy that changes the URLs to use the pattern, which allows Code to make these requests over HTTPS.
Steps to Reproduce:
Reproduces without extensions: No