Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge vscode-workspace-resource and vscode-extension-resource #45784

Closed
mjbvz opened this issue Mar 14, 2018 · 1 comment
Closed

Merge vscode-workspace-resource and vscode-extension-resource #45784

mjbvz opened this issue Mar 14, 2018 · 1 comment
Assignees
@mjbvz
Labels
on-testplan webview Webview issues
Milestone
April 2018

Comments

@mjbvz
Copy link
Collaborator

mjbvz commented Mar 14, 2018
edited
Loading

Problem
Webview API proposal (#43713) introduces two resource schemes for loading local files:

  • vscode-workspace-resource: Resources from the user's workspace. This can also be overridden by localResourceRoots
  • vscode-extension-resource: This allows reading from extension's install directory

However this scheme prevents cross origin requests between extension resources and workspace resources. vscode-extension-resource also currently allows reading any extension's resources, which may not be safe (if, for example, some crazy extension stores user creds in the extension's install directory)

Proposal
Replace these two with a new vscode-resource scheme. This scheme would allow access to files within localResourceRoots. If not specified, localResourceRoots would include:

  • Currently opened workspaces folders
  • The extension's install directory

Extensions could override this with localResourceRoots
@mjbvz mjbvz added the webview Webview issues label Mar 14, 2018
@mjbvz mjbvz added this to the March 2018 milestone Mar 14, 2018
@mjbvz mjbvz self-assigned this Mar 14, 2018
@mjbvz mjbvz closed this as completed in 82084be Mar 14, 2018
@ramya-rao-a
Copy link
Contributor

Moving to April as this is essentially part of #43713 which is for April

@ramya-rao-a ramya-rao-a modified the milestones: March 2018, April 2018 Mar 30, 2018
@vscodebot vscodebot bot locked and limited conversation to collaborators Apr 28, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mjbvz mjbvz

Labels
on-testplan webview Webview issues
Projects
None yet
Milestone
April 2018
Development

No branches or pull requests
2 participants
@mjbvz @ramya-rao-a