Use an identical CSP for both `https` and `http` (enabled by using 'self')

2021-12-07 14:40:56 +01:00 · 2021-12-07 14:40:56 +01:00 · 0a81bd1bbf
parent 5cd3e31c2b
commit 0a81bd1bbf
5 changed files with 3 additions and 73 deletions
--- a/build/gulpfile.vscode.web.js
+++ b/build/gulpfile.vscode.web.js
@ -42,8 +42,7 @@ const vscodeWebResourceIncludes = [
 	'out-build/vs/workbench/contrib/webview/browser/pre/*.html',

 	// Extension Worker
-	'out-build/vs/workbench/services/extensions/worker/httpsWebWorkerExtensionHostIframe.html',
-	'out-build/vs/workbench/services/extensions/worker/httpWebWorkerExtensionHostIframe.html',
+	'out-build/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html',

 	// Web node paths (needed for integration tests)
 	'out-build/vs/webPackagePaths.js',
--- a/src/vs/server/webClientServer.ts
+++ b/src/vs/server/webClientServer.ts
@ -210,7 +210,7 @@ export class WebClientServer {
 			'default-src \'self\';',
 			'img-src \'self\' https: data: blob:;',
 			'media-src \'none\';',
-			`script-src 'self' 'unsafe-eval' ${this._getScriptCspHashes(data).join(' ')} 'sha256-cb2sg39EJV8ABaSNFfWu/ou8o1xVXYK7jp90oZ9vpcg=' http://${remoteAuthority};`, // the sha is the same as in src/vs/workbench/services/extensions/worker/httpWebWorkerExtensionHostIframe.html
+			`script-src 'self' 'unsafe-eval' ${this._getScriptCspHashes(data).join(' ')} 'sha256-cb2sg39EJV8ABaSNFfWu/ou8o1xVXYK7jp90oZ9vpcg=' http://${remoteAuthority};`, // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
 			'child-src \'self\';',
 			`frame-src 'self' https://*.vscode-webview.net ${this._productService.webEndpointUrl || ''} data:;`,
 			'worker-src \'self\' data:;',
--- a/src/vs/workbench/services/extensions/browser/webWorkerExtensionHost.ts
+++ b/src/vs/workbench/services/extensions/browser/webWorkerExtensionHost.ts
@ -77,11 +77,7 @@ export class WebWorkerExtensionHost extends Disposable implements IExtensionHost

 	private _getWebWorkerExtensionHostIframeSrc(): string {
 		const suffix = this._environmentService.debugExtensionHost && this._environmentService.debugRenderer ? '?debugged=1' : '?';
-		const iframeModulePath = (
-			location.protocol === 'http:'
-				? 'vs/workbench/services/extensions/worker/httpWebWorkerExtensionHostIframe.html'
-				: 'vs/workbench/services/extensions/worker/httpsWebWorkerExtensionHostIframe.html'
-		);
+		const iframeModulePath = 'vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html';
 		if (platform.isWeb) {
 			const webEndpointUrlTemplate = this._productService.webEndpointUrlTemplate;
 			const commit = this._productService.commit;
--- a/src/vs/workbench/services/extensions/worker/httpWebWorkerExtensionHostIframe.html
+++ b/src/vs/workbench/services/extensions/worker/httpWebWorkerExtensionHostIframe.html
@ -1,65 +0,0 @@
-<!DOCTYPE html>
-<html>
-	<head>
-		<meta http-equiv="Content-Security-Policy" content="default-src 'none'; child-src 'self' data: blob:; script-src 'unsafe-eval' 'sha256-cb2sg39EJV8ABaSNFfWu/ou8o1xVXYK7jp90oZ9vpcg=' http: https:; connect-src http: https: ws: wss:" />
-	</head>
-	<body>
-	<script>
-(function() {
-	const searchParams = new URL(document.location).searchParams;
-	const vscodeWebWorkerExtHostId = searchParams.get('vscodeWebWorkerExtHostId') || '';
-	const name = searchParams.get('debugged') ? 'WorkerExtensionHost' : 'DebugWorkerExtensionHost';
-
-	function sendError(error) {
-		window.parent.postMessage({
-			vscodeWebWorkerExtHostId,
-			error: {
-				name: error ? error.name : '',
-				message: error ? error.message : '',
-				stack: error ? error.stack : []
-			}
-		}, '*');
-	}
-
-	try {
-		const worker = new Worker('../../../../base/worker/workerMain.js', { name });
-		worker.postMessage('vs/workbench/services/extensions/worker/extensionHostWorker');
-		const nestedWorkers = new Map();
-
-		worker.onmessage = (event) => {
-			const { data } = event;
-
-			if (data?.type === '_newWorker') {
-				const { id, port, url, options } = data;
-				const newWorker = new Worker(url, options);
-				newWorker.postMessage(port, [port]);
-				worker.onerror = console.error.bind(console);
-				nestedWorkers.set(id, newWorker);
-
-			} else if (data?.type === '_terminateWorker') {
-				const { id } = data;
-				if(nestedWorkers.has(id)) {
-					nestedWorkers.get(id).terminate();
-					nestedWorkers.delete(id);
-				}
-			} else {
-				worker.onerror = console.error.bind(console);
-				window.parent.postMessage({
-					vscodeWebWorkerExtHostId,
-					data
-				}, '*', [data]);
-			}
-		};
-
-		worker.onerror = (event) => {
-			console.error(event.message, event.error);
-			sendError(event.error);
-		};
-	} catch(err) {
-		console.error(err);
-		sendError(err);
-	}
-})();
-	</script>
-	</body>
-</html>
--- a/src/vs/workbench/services/extensions/worker/httpsWebWorkerExtensionHostIframe.html
+++ b/src/vs/workbench/services/extensions/worker/httpsWebWorkerExtensionHostIframe.html