relax CSP policy to address vim extension installation problem (#141)

feiyangliu2023 · Feiyang Liu · web-flow · commit 13f2b78f828b · 2026-02-11T14:54:29.000+01:00
Co-authored-by: Feiyang Liu &lt;lfeiyang@amazon.nl&gt;
diff --git a/patches/common/preapplied/remove-unsafe-headers.diff b/patches/common/preapplied/remove-unsafe-headers.diff
@@ -49,17 +49,4 @@ Index: third-party-src/src/vs/workbench/contrib/notebook/browser/view/renderers/
 +					script-src ${webviewGenericCspSource} 'unsafe-inline' 'wasm-unsafe-eval';
  					style-src ${webviewGenericCspSource} 'unsafe-inline';
  					img-src ${webviewGenericCspSource} https: http: data:;
- 					font-src ${webviewGenericCspSource} https:;
-Index: third-party-src/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
-===================================================================
---- third-party-src.orig/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
-+++ third-party-src/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
-@@ -4,7 +4,7 @@
- 		<meta http-equiv="Content-Security-Policy" content="
- 			default-src 'none';
- 			child-src 'self' data: blob:;
--			script-src 'self' 'unsafe-eval' 'sha256-cl8ijlOzEe+0GRCQNJQu2k6nUQ0fAYNYIuuKEm72JDs=' https: http://localhost:* blob:;
-+			script-src 'self' 'wasm-unsafe-eval' 'sha256-cl8ijlOzEe+0GRCQNJQu2k6nUQ0fAYNYIuuKEm72JDs=' https: http://localhost:* blob:;
- 			connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
- 	</head>
- 	<body>
+ 					font-src ${webviewGenericCspSource} https:;
diff --git a/patches/web-embedded/remove-unsafe-eval-and-unsafe-inline-from-csp-direct.diff b/patches/web-embedded/remove-unsafe-eval-and-unsafe-inline-from-csp-direct.diff
@@ -65,8 +65,8 @@ Index: third-party-src/src/vs/workbench/services/extensions/worker/webWorkerExte
  		<meta http-equiv="Content-Security-Policy" content="
  			default-src 'none';
  			child-src 'self' data: blob:;
--			script-src 'self' 'wasm-unsafe-eval' 'sha256-cl8ijlOzEe+0GRCQNJQu2k6nUQ0fAYNYIuuKEm72JDs=' https: http://localhost:* blob:;
+-			script-src 'self' 'unsafe-eval' 'sha256-cl8ijlOzEe+0GRCQNJQu2k6nUQ0fAYNYIuuKEm72JDs=' https: http://localhost:* blob:;
 +			script-src 'self' 'sha256-cl8ijlOzEe+0GRCQNJQu2k6nUQ0fAYNYIuuKEm72JDs=' https: http://localhost:* blob:;
  			connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
  	</head>
- 	<body>
+ 	<body>
