Add patch to validate referer for vscode-remote-resource API

Author: sachinh-amazon

patches/sagemaker.series

@@ -39,3 +39,4 @@ sagemaker/sagemaker-extension-smus-support.diff
 sagemaker/post-startup-notifications.diff
 sagemaker/sagemaker-extensions-sync.diff
 sagemaker/fix-port-forwarding.diff
+sagemaker/validate-http-request-referer.diff

patches/sagemaker/validate-http-request-referer.diff

@@ -0,0 +1,20 @@
+Index: code-editor-src/src/vs/server/node/remoteExtensionHostAgentServer.ts
+===================================================================
+--- code-editor-src.orig/src/vs/server/node/remoteExtensionHostAgentServer.ts
++++ code-editor-src/src/vs/server/node/remoteExtensionHostAgentServer.ts
+@@ -172,6 +172,21 @@ class RemoteExtensionHostAgentServer ext
+ 		if (pathname === '/vscode-remote-resource') {
+ 			// Handle HTTP requests for resources rendered in the rich client (images, fonts, etc.)
+ 			// These resources could be files shipped with extensions or even workspace files.
++			
++			if (req.headers.referer && req.headers.host) {
++				this._logService.info('Inside if check');
++				const parsedRefererUrl = url.parse(req.headers.referer, true);
++				if (parsedRefererUrl.host !== req.headers.host) {
++					return serveError(req, res, 403, `Forbidden.`);
++				}
++			}
++
+ 			const desiredPath = parsedUrl.query['path'];
+ 			if (typeof desiredPath !== 'string') {
+ 				return serveError(req, res, 400, `Bad request.`);