Better simulate real-life CORS in code-web server

Alexandru Dima 2020-12-29 23:38:37 +01:00
parent 58852eaa85
commit e6daf34085
No known key found for this signature in database
GPG key ID: 6E58D7B045760DA0


@ -28,6 +28,14 @@ const BUILTIN_MARKETPLACE_EXTENSIONS_ROOT = path.join(APP_ROOT, '.build', 'built
const WEB_DEV_EXTENSIONS_ROOT = path.join(APP_ROOT, '.build', 'builtInWebDevExtensions');
const WEB_MAIN = path.join(APP_ROOT, 'src', 'vs', 'code', 'browser', 'workbench', 'workbench-dev.html');
// This is useful to simulate real world CORS
const ALLOWED_CORS_ORIGINS = [
'http://localhost:8081',
'http://127.0.0.1:8081',
'http://localhost:8080',
'http://127.0.0.1:8080',
];
const WEB_PLAYGROUND_VERSION = '0.0.10';
const args = minimist(process.argv, {
@ -281,6 +289,17 @@ secondaryServer.on('error', err => {
console.error(err);
});
/**
* @param {import('http').IncomingMessage} req
*/
function addCORSReplyHeader(req) {
if (typeof req.headers['origin'] !== 'string') {
// not a CORS request
return false;
}
return (ALLOWED_CORS_ORIGINS.indexOf(req.headers['origin']) >= 0);
}
/**
* @param {import('http').IncomingMessage} req
* @param {import('http').ServerResponse} res
@ -291,9 +310,10 @@ async function handleStatic(req, res, parsedUrl) {
if (/^\/static\/extensions\//.test(parsedUrl.pathname)) {
const relativePath = decodeURIComponent(parsedUrl.pathname.substr('/static/extensions/'.length));
const filePath = getExtensionFilePath(relativePath, (await builtInExtensionsPromise).locations);
const responseHeaders = {
'Access-Control-Allow-Origin': '*'
};
const responseHeaders = {};
if (addCORSReplyHeader(req)) {
responseHeaders['Access-Control-Allow-Origin'] = '*';
}
if (!filePath) {
return serveError(req, res, 400, `Bad request.`, responseHeaders);
}
@ -315,9 +335,10 @@ async function handleExtension(req, res, parsedUrl) {
// Strip `/extension/` from the path
const relativePath = decodeURIComponent(parsedUrl.pathname.substr('/extension/'.length));
const filePath = getExtensionFilePath(relativePath, (await commandlineProvidedExtensionsPromise).locations);
const responseHeaders = {
'Access-Control-Allow-Origin': '*'
};
const responseHeaders = {};
if (addCORSReplyHeader(req)) {
responseHeaders['Access-Control-Allow-Origin'] = '*';
}
if (!filePath) {
return serveError(req, res, 400, `Bad request.`, responseHeaders);
}
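Review bot: In both `handleStatic` and `handleExtension`, the reply for an allow-listed origin is still `Access-Control-Allow-Origin: '*'`, so the allowlist decides only whether the header is sent, not which origin it grants; a response that is cached or replayed would still permit any origin. To match what an origin-restricted server sends, echo the validated value and mark the response as origin-dependent: `responseHeaders['Access-Control-Allow-Origin'] = req.headers['origin'];` and `responseHeaders['Vary'] = 'Origin';`. `addCORSReplyHeader` adds no header and only returns a boolean, so a name such as `isAllowedCORSOrigin` together with `@returns {boolean}` in its JSDoc would describe it more accurately. Both handler bodies continue outside the visible hunks, so whether `responseHeaders` is later merged with other headers cannot be confirmed from here.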