Code-server: v2 - Content Security Policy prevents vscode-java-test from working

Created on 13 Aug 2019  路  3Comments  路  Source: cdr/code-server

The ms vscode java test runner extension inlines jquery-3.3.1.slim.min.js and a number of css files to generate it's view.

This was working fine while running 1.33.1, however using the latest v2 webview branch it's now generating content security policy errors when it tries to load those, creating the following error in chrome:

main.js:385 Refused to load the script 'http://localhost:8080/webview/vscode-resource/usr/local/extensions/vscjava.vscode-java-test-0.18.2/resources/templates/js/jquery-3.3.1.slim.min.js' because it violates the following Content Security Policy directive: "script-src vscode-resource: 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

The full console output:

Screenshot 2019-08-13 at 22 49 48

And the code which is doing the loading:

Screenshot 2019-08-13 at 22 50 33

bug
Source
picture chrischabot

Most helpful comment

I've tried out the latest changes and it's confirmed fixed. Thanks!

picture chrischabot on 16 Aug 2019
🎉2 👍1

All 3 comments

@rikusen0335 reported that in the console a similar CSP issue can be seen on startup:

Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' blob: vscode-remote:".
deansheather picture deansheather on 15 Aug 2019

@deansheather Thank you for answering. So we'll stay wait for a fix.

rikusen0335 picture rikusen0335 on 15 Aug 2019

I've tried out the latest changes and it's confirmed fixed. Thanks!

chrischabot picture chrischabot on 16 Aug 2019
🎉2 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

pchecinski picture pchecinski  路  3Comments
avelino picture avelino  路  3Comments
grant picture grant  路  3Comments
infogulch picture infogulch  路  3Comments
infogulch picture infogulch  路  3Comments