mirror of
https://github.com/Microsoft/vscode
synced 2024-10-30 13:43:07 +00:00
Further relax CSP
This commit is contained in:
parent
6dd9bda34d
commit
459610f3ef
1 changed files with 1 additions and 2 deletions
|
@ -94,7 +94,6 @@ export class WebWorkerExtensionHost extends Disposable implements IExtensionHost
|
|||
|
||||
const vscodeWebWorkerExtHostId = generateUuid();
|
||||
const workerUrl = require.toUrl('../worker/extensionHostWorkerMain.js');
|
||||
const sourcesOrigin = /^((http:)|(https:)|(file:))/.test(workerUrl) ? new URL(workerUrl).origin : location.origin;
|
||||
const workerSrc = getWorkerBootstrapUrl(workerUrl, 'WorkerExtensionHost', true);
|
||||
const escapeAttribute = (value: string): string => {
|
||||
return value.replace(/"/g, '"');
|
||||
|
@ -102,7 +101,7 @@ export class WebWorkerExtensionHost extends Disposable implements IExtensionHost
|
|||
const html = `<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-eval' ${sourcesOrigin} https://*.gallerycdn.vsassets.io '${WEB_WORKER_IFRAME.sha}'; worker-src data:; connect-src *" />
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-eval' '${WEB_WORKER_IFRAME.sha}' *; worker-src data:; connect-src *" />
|
||||
<meta id="vscode-worker-src" data-value="${escapeAttribute(workerSrc)}" />
|
||||
<meta id="vscode-web-worker-ext-host-id" data-value="${escapeAttribute(vscodeWebWorkerExtHostId)}" />
|
||||
</head>
|
||||
|
|
Loading…
Reference in a new issue