Fixes microsoft#144513: Allow cross origin requests for vscode resources from the web worker extension host origin

alexdima · alexdima · commit 448ada023321 · 2022-03-24T21:47:58.000+01:00
diff --git a/src/vs/server/node/remoteExtensionHostAgentServer.ts b/src/vs/server/node/remoteExtensionHostAgentServer.ts
@@ -18,6 +18,7 @@ import { connectionTokenQueryName, FileAccess, Schemas } from 'vs/base/common/ne
 import { dirname, join } from 'vs/base/common/path';
 import * as perf from 'vs/base/common/performance';
 import * as platform from 'vs/base/common/platform';
+import { createRegExp, escapeRegExpCharacters } from 'vs/base/common/strings';
 import { URI } from 'vs/base/common/uri';
 import { generateUuid } from 'vs/base/common/uuid';
 import { findFreePort } from 'vs/base/node/ports';
@@ -58,6 +59,7 @@ export class RemoteExtensionHostAgentServer extends Disposable implements IServe
 	private readonly _managementConnections: { [reconnectionToken: string]: ManagementConnection };
 	private readonly _allReconnectionTokens: Set<string>;
 	private readonly _webClientServer: WebClientServer | null;
+	private readonly _webEndpointOriginChecker = WebEndpointOriginChecker.create(this._productService);
 
 	private shutdownTimer: NodeJS.Timer | undefined;
 
@@ -142,6 +144,14 @@ export class RemoteExtensionHostAgentServer extends Disposable implements IServe
 					responseHeaders['Cache-Control'] = 'public, max-age=31536000';
 				}
 			}
+
+			// Allow cross origin requests from the web worker extension host
+			responseHeaders['Vary'] = 'Origin';
+			const requestOrigin = req.headers['origin'];
+			if (requestOrigin && this._webEndpointOriginChecker.matches(requestOrigin)) {
+				responseHeaders['Access-Control-Allow-Origin'] = requestOrigin;
+			}
+
 			return serveFile(this._logService, req, res, filePath, responseHeaders);
 		}
 
@@ -767,3 +777,45 @@ export async function createServer(address: string | net.AddressInfo | null, arg
 	}
 	return remoteExtensionHostAgentServer;
 }
+
+class WebEndpointOriginChecker {
+
+	public static create(productService: IProductService): WebEndpointOriginChecker {
+		const webEndpointUrlTemplate = productService.webEndpointUrlTemplate;
+		const commit = productService.commit;
+		const quality = productService.quality;
+		if (!webEndpointUrlTemplate || !commit || !quality) {
+			return new WebEndpointOriginChecker(null);
+		}
+
+		const uuid = generateUuid();
+		const exampleUrl = new URL(
+			webEndpointUrlTemplate
+				.replace('{{uuid}}', uuid)
+				.replace('{{commit}}', commit)
+				.replace('{{quality}}', quality)
+		);
+		const exampleOrigin = exampleUrl.origin;
+		const originRegExpSource = (
+			escapeRegExpCharacters(exampleOrigin)
+				.replace(uuid, '[a-zA-Z0-9\-]+')
+		);
+		try {
+			const originRegExp = createRegExp(`^${originRegExpSource}$`, true, { matchCase: false });
+			return new WebEndpointOriginChecker(originRegExp);
+		} catch (err) {
+			return new WebEndpointOriginChecker(null);
+		}
+	}
+
+	constructor(
+		private readonly _originRegExp: RegExp | null
+	) { }
+
+	public matches(origin: string): boolean {
+		if (!this._originRegExp) {
+			return false;
+		}
+		return this._originRegExp.test(origin);
+	}
+}
