Fix csp for CDN extension locations

mjbvz · mjbvz · commit b85a27229840 · 2021-10-15T14:12:46.000-07:00
This rule needs to end in a `/` so that all files under the extension are allowed
diff --git a/src/vs/workbench/api/common/extHostWebview.ts b/src/vs/workbench/api/common/extHostWebview.ts
@@ -78,7 +78,12 @@ export class ExtHostWebview implements vscode.Webview {
 		if (extensionLocation.scheme === Schemas.https || extensionLocation.scheme === Schemas.http) {
 			// The extension is being served up from a CDN.
 			// Also include the CDN in the default csp.
-			return extensionLocation + ' ' + webviewGenericCspSource;
+			let extensionCspRule = extensionLocation.toString();
+			if (!extensionCspRule.endsWith('/')) {
+				// Always treat the location as a directory so that we allow all content under it
+				extensionCspRule += '/';
+			}
+			return extensionCspRule + ' ' + webviewGenericCspSource;
 		}
 		return webviewGenericCspSource;
 	}

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,12 @@ export class ExtHostWebview implements vscode.Webview {`
`78`	`78`	`if (extensionLocation.scheme === Schemas.https \|\| extensionLocation.scheme === Schemas.http) {`
`79`	`79`	`// The extension is being served up from a CDN.`
`80`	`80`	`// Also include the CDN in the default csp.`
`81`		`- return extensionLocation + ' ' + webviewGenericCspSource;`
	`81`	`+ let extensionCspRule = extensionLocation.toString();`
	`82`	`+ if (!extensionCspRule.endsWith('/')) {`
	`83`	`+ // Always treat the location as a directory so that we allow all content under it`
	`84`	`+ extensionCspRule += '/';`
	`85`	`+ }`
	`86`	`+ return extensionCspRule + ' ' + webviewGenericCspSource;`
`82`	`87`	`}`
`83`	`88`	`return webviewGenericCspSource;`
`84`	`89`	`}`