forked from VSCodium/vscodium
-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy path009-patch-csp.patch
More file actions
36 lines (32 loc) · 2.51 KB
/
Copy path009-patch-csp.patch
File metadata and controls
36 lines (32 loc) · 2.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
diff --git a/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html b/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
index ae571f8..25b484d 100644
--- a/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
+++ b/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
@@ -848,7 +848,7 @@
// Strip out unsupported http-equiv tags
for (const metaElement of Array.from(newDocument.querySelectorAll('meta'))) {
const httpEquiv = metaElement.getAttribute('http-equiv');
- if (httpEquiv && !/^(content-security-policy|default-style|content-type)$/i.test(httpEquiv)) {
+ if (httpEquiv && !/^(content-security-policy|default-style|content-type|permission-policy)$/i.test(httpEquiv)) {
console.warn(`Removing unsupported meta http-equiv: ${httpEquiv}`);
metaElement.remove();
}
diff --git a/src/vs/workbench/contrib/webview/browser/pre/index.html b/src/vs/workbench/contrib/webview/browser/pre/index.html
index 6a1f3d4..088cabd 100644
--- a/src/vs/workbench/contrib/webview/browser/pre/index.html
+++ b/src/vs/workbench/contrib/webview/browser/pre/index.html
@@ -5,7 +5,7 @@
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy"
- content="default-src 'none'; script-src 'sha256-DXeP32g8BdMsVuVabYTmznoTH59F7M7UtV0vXemEFqc=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+ content="default-src 'none'; script-src 'sha256-TpNq85wOefXSbWypxz8qJ5s7Q5u343KpXkyQ371KtgQ=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
<!-- Disable pinch zooming -->
@@ -880,7 +880,7 @@
// Strip out unsupported http-equiv tags
for (const metaElement of Array.from(newDocument.querySelectorAll('meta'))) {
const httpEquiv = metaElement.getAttribute('http-equiv');
- if (httpEquiv && !/^(content-security-policy|default-style|content-type)$/i.test(httpEquiv)) {
+ if (httpEquiv && !/^(content-security-policy|default-style|content-type|permission-policy)$/i.test(httpEquiv)) {
console.warn(`Removing unsupported meta http-equiv: ${httpEquiv}`);
metaElement.remove();
}