fix: webviews failing to load the iframe HTML (#5103)

code-asher · web-flow · commit b62a68ac37d6 · 2022-04-14T18:02:52.000Z
Code added in 1.65.0 broke webviews when you are hosting them from the
same domain.
diff --git a/patches/webview.diff b/patches/webview.diff
@@ -6,6 +6,17 @@ self-hosted.
 When doing this CSP will block resources (for example when viewing images) so
 add 'self' to the CSP to fix that.
 
+Additionally the service worker defaults to handling *all* requests made to the
+current host but when self-hosting the webview this will end up including the
+webview HTML itself which means these requests will fail since the communication
+channel between the webview and the main thread has not been set up yet as the
+webview itself is not ready yet (it has no HTML and therefore no script either).
+Since this code exists only for the authentication case we can just skip it when
+it is served from the current host as authentication is not a problem if the
+request is not cross-origin.
+
+To test, open a few types of webviews (images, markdown, extension details, etc).
+
 Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
@@ -44,3 +55,22 @@ Index: code-server/lib/vscode/src/vs/workbench/common/webview.ts
  
  /**
   * Construct a uri that can load resources inside a webview
+Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
++++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/service-worker.js
+@@ -188,9 +188,11 @@ sw.addEventListener('fetch', (event) =>
+ 		}
+ 	}
+ 
+-	// If we're making a request against the remote authority, we want to go
+-	// back through VS Code itself so that we are authenticated properly
+-	if (requestUrl.host === remoteAuthority) {
++	// If we're making a request against the remote authority, we want to go back
++	// through VS Code itself so that we are authenticated properly.  If the
++	// service worker is hosted on the same origin we will have cookies and
++	// authentication will not be an issue.
++	if (requestUrl.origin !== sw.origin && requestUrl.host === remoteAuthority) {
+ 		switch (event.request.method) {
+ 			case 'GET':
+ 			case 'HEAD':
