fix: Update webview CSP security hash
What does this MR do?
In gitlab-web-ide!365 (merged), we identified that the script-src
directive's SHA
in the file vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
is outdated. This Merge Request sets a new SHA
that represents the content of the inline scripts in this file.
How to test?
-
Checkout the Merge Request gitlab-web-ide!365 (merged) in the Web IDE.
-
Apply the following patch:
diff --git a/packages/vscode-bootstrap/src/start.ts b/packages/vscode-bootstrap/src/start.ts index 14e8843..965ae15 100644 --- a/packages/vscode-bootstrap/src/start.ts +++ b/packages/vscode-bootstrap/src/start.ts @@ -99,12 +99,12 @@ const BASE_OPTIONS: Partial<IWorkbenchConstructionOptions> = { privacyStatementUrl: '', showTelemetryOptOut: false, // 'commit' should be same as vscode_version.json - commit: 'e258f22fc8fe0545997a22514e315837d8145c34', + commit: '13ced324819b4f7f2476af7069c7042b52b6232d', quality: 'stable', webviewContentExternalBaseUrlTemplate: - 'https://{{uuid}}.cdn.web-ide.gitlab-static.net/web-ide-vscode/{{quality}}/{{commit}}/out/vs/workbench/contrib/webview/browser/pre/', + 'https://{{uuid}}.staging.cdn.web-ide.gitlab-static.net/web-ide-vscode/{{quality}}/{{commit}}/out/vs/workbench/contrib/webview/browser/pre/', webEndpointUrlTemplate: - 'https://{{uuid}}.cdn.web-ide.gitlab-static.net/web-ide-vscode/{{quality}}/{{commit}}', + 'https://{{uuid}}.staging.cdn.web-ide.gitlab-static.net/web-ide-vscode/{{quality}}/{{commit}}', trustedExtensionAuthAccess: ['gitlab.gitlab-workflow', WEB_IDE_EXTENSION_ID], }, };
-
The Web views like GitLab Duo Chat should work correctly.
Edited by Enrique Alcántara