Skip to content

Commit 3f90d25

Browse files
sachinh-amazonsachinh-amazon
committed
Fix patch
1 parent 211cdac commit 3f90d25

File tree

1 file changed

+2
-3
lines changed

1 file changed

+2
-3
lines changed

patches/sagemaker/validate-http-request-referer.diff

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,18 +2,17 @@ Index: code-editor-src/src/vs/server/node/remoteExtensionHostAgentServer.ts
22
===================================================================
33
--- code-editor-src.orig/src/vs/server/node/remoteExtensionHostAgentServer.ts
44
+++ code-editor-src/src/vs/server/node/remoteExtensionHostAgentServer.ts
5-
@@ -172,6 +172,21 @@ class RemoteExtensionHostAgentServer ext
5+
@@ -172,6 +172,13 @@ class RemoteExtensionHostAgentServer ext
66
if (pathname === '/vscode-remote-resource') {
77
// Handle HTTP requests for resources rendered in the rich client (images, fonts, etc.)
88
// These resources could be files shipped with extensions or even workspace files.
9-
+
109
+ if (req.headers.referer && req.headers.host) {
1110
+ const parsedRefererUrl = url.parse(req.headers.referer, true);
1211
+ if (parsedRefererUrl.host !== req.headers.host) {
1312
+ return serveError(req, res, 403, `Forbidden.`);
1413
+ }
1514
+ }
16-
+
15+
+
1716
const desiredPath = parsedUrl.query['path'];
1817
if (typeof desiredPath !== 'string') {
1918
return serveError(req, res, 400, `Bad request.`);

0 commit comments

Comments
 (0)