From 537cd8069dd96af4127cb7cde2b581f1eccf47e2 Mon Sep 17 00:00:00 2001 From: Roo Code Date: Sat, 19 Jul 2025 15:26:42 +0000 Subject: [PATCH] fix: add file+.vscode-resource.vscode-cdn.net to CSP for portable VS Code support - Added file+.vscode-resource.vscode-cdn.net protocol to connect-src and media-src directives - This fixes audio playback and API requests in portable VS Code environments - Updated tests to verify the CSP includes the necessary protocols Fixes #5949 --- src/core/webview/ClineProvider.ts | 6 +++--- src/core/webview/__tests__/ClineProvider.spec.ts | 7 +++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/core/webview/ClineProvider.ts b/src/core/webview/ClineProvider.ts index ceb6671767..140a57e4fe 100644 --- a/src/core/webview/ClineProvider.ts +++ b/src/core/webview/ClineProvider.ts @@ -679,9 +679,9 @@ export class ClineProvider `font-src ${webview.cspSource} data:`, `style-src ${webview.cspSource} 'unsafe-inline' https://* http://${localServerUrl} http://0.0.0.0:${localPort}`, `img-src ${webview.cspSource} https://storage.googleapis.com https://img.clerk.com data:`, - `media-src ${webview.cspSource}`, + `media-src ${webview.cspSource} file+.vscode-resource.vscode-cdn.net:`, `script-src 'unsafe-eval' ${webview.cspSource} https://* https://*.posthog.com http://${localServerUrl} http://0.0.0.0:${localPort} 'nonce-${nonce}'`, - `connect-src https://* https://*.posthog.com ws://${localServerUrl} ws://0.0.0.0:${localPort} http://${localServerUrl} http://0.0.0.0:${localPort}`, + `connect-src https://* https://*.posthog.com ws://${localServerUrl} ws://0.0.0.0:${localPort} http://${localServerUrl} http://0.0.0.0:${localPort} file+.vscode-resource.vscode-cdn.net:`, ] return /*html*/ ` @@ -763,7 +763,7 @@ export class ClineProvider - +