How does the vscode-remote+code-serverurl HTTP request work? #6826

Open
alexisdondon opened this issue Jun 6, 2024 · 3 comments
Labels
docs Documentation related

Comments

@alexisdondon

What is your suggestion?

I have identified some HTTP requests in the browser like this one:

https://vscode-remote+urlOfMyCodeServer.vscode-resource.vscode-cdn.net/some/path/to/extensions/ms-toolsai.jupyter-renderers-1.0.17-universal/out/client_renderer/builtinRendererHooks.js

The use case is the Jupyter extension of VS Code.

How will this improve the docs?

I have two questions:

  • How does my browser know that this query should connect to urlOfMyCodeServer, because urlOfMyCodeServer.vscode-resource.vscode-cdn.net does not exist to my knowledge?
  • By the way, I am trying to add a more restrictive Content-Security-Policy for security purposes. This kind of URL forces connect-src to specify the domain .vscode-resource.vscode-cdn.net. Is there a way to change this behaviour, or should I live with this domain open, even if I understand that the URL returns a JavaScript file not from the internet but from within code-server?
@code-asher
Member

Yeah I believe that URL is fake. It is intercepted by the service worker and it returns a response by reading the file through the websocket instead.

It can probably be changed to be anything, and I think it would be reasonable to change it to the current domain or something like that.

@alexisdondon
Author

I also think the URL is fake, but Firefox sends this HTTP request, and with a more restricted CSP the query is blocked.

I don't understand how the HTTP query is really sent/routed to the code-server. Maybe this is related to WebView technology, but I am not sure and need to dig more to understand.

@code-asher
Member

code-asher commented Jun 7, 2024

Ahhhh right that makes sense.

Yeah I think iframes + service worker is meant to emulate Electron's webviews, but I am not familiar with Electron or webviews very much so I am not able to infer more.

But, I can point you to where the service worker intercepts HTTP requests:

https://github.com/microsoft/vscode/blob/52c722c7bbec270a00c0ba530508a82bcddb0f79/src/vs/workbench/contrib/webview/browser/pre/service-worker.js#L169

I think this can be changed to anything but I am not sure (maybe we should change it to location.host for example): https://github.com/microsoft/vscode/blob/52c722c7bbec270a00c0ba530508a82bcddb0f79/src/vs/workbench/contrib/webview/common/webview.ts#L21

The folks up at https://github.com/microsoft/vscode will definitely know more than me though.
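
Added example, not part of the thread and not code from code-server or VS Code: a simplified matcher for CSP source lists, showing why the request quoted in the issue is refused under `connect-src 'self'` and which host-source lets it through. The origin `https://code.example.internal` and both policy strings are constructed assumptions; ports, paths and the bare `*` source are not handled.

```javascript
// Simplified CSP source-list matching (constructed example).
// Handles 'none', 'self', scheme-sources and host-sources with a "*." prefix.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first wins
  }
  return directives;
}

function hostMatches(pattern, host) {
  const p = pattern.toLowerCase();
  // "*.example.com" covers subdomains only, never example.com itself.
  return p.startsWith('*.') ? host.endsWith(p.slice(1)) : host === p;
}

function sourceAllows(source, url, selfOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  if (m[1] && m[1].toLowerCase() + ':' !== url.protocol) return false;
  return hostMatches(m[2], url.hostname); // scheme-less host: scheme not checked here
}

function isAllowed(header, directive, target, selfOrigin) {
  const policy = parsePolicy(header);
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // no directive governs this request
  const url = new URL(target);
  return sources.some((s) => sourceAllows(s, url, selfOrigin));
}

// Constructed values: the origin and both policies are assumptions.
const SELF = 'https://code.example.internal';
const RESOURCE = 'https://vscode-remote+urlOfMyCodeServer.vscode-resource.vscode-cdn.net' +
  '/some/path/to/extensions/ms-toolsai.jupyter-renderers-1.0.17-universal' +
  '/out/client_renderer/builtinRendererHooks.js';
const STRICT = "default-src 'self'; connect-src 'self'";
const RELAXED = "default-src 'self'; connect-src 'self' https://*.vscode-resource.vscode-cdn.net";

console.log('strict policy allows resource: ', isAllowed(STRICT, 'connect-src', RESOURCE, SELF));
console.log('relaxed policy allows resource:', isAllowed(RELAXED, 'connect-src', RESOURCE, SELF));
```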
