Further relax CSP

This commit is contained in:
Alex Dima 2020-08-04 14:06:31 +02:00
parent 6dd9bda34d
commit 459610f3ef
No known key found for this signature in database
GPG key ID: 6E58D7B045760DA0

View file

@ -94,7 +94,6 @@ export class WebWorkerExtensionHost extends Disposable implements IExtensionHost
const vscodeWebWorkerExtHostId = generateUuid();
const workerUrl = require.toUrl('../worker/extensionHostWorkerMain.js');
const sourcesOrigin = /^((http:)|(https:)|(file:))/.test(workerUrl) ? new URL(workerUrl).origin : location.origin;
const workerSrc = getWorkerBootstrapUrl(workerUrl, 'WorkerExtensionHost', true);
const escapeAttribute = (value: string): string => {
return value.replace(/"/g, '"');
@ -102,7 +101,7 @@ export class WebWorkerExtensionHost extends Disposable implements IExtensionHost
const html = `<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-eval' ${sourcesOrigin} https://*.gallerycdn.vsassets.io '${WEB_WORKER_IFRAME.sha}'; worker-src data:; connect-src *" />
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-eval' '${WEB_WORKER_IFRAME.sha}' *; worker-src data:; connect-src *" />
<meta id="vscode-worker-src" data-value="${escapeAttribute(workerSrc)}" />
<meta id="vscode-web-worker-ext-host-id" data-value="${escapeAttribute(vscodeWebWorkerExtHostId)}" />
</head>