From ea2caf00ac80ad7ddd8c1eff083cc0a8e675e4ab Mon Sep 17 00:00:00 2001 From: Asher Date: Mon, 5 May 2025 12:12:55 -0800 Subject: [PATCH] Allow setting trusted domains for links at run-time It can be set either: 1. In the product.json (normally the product.json is embedded during the build and not read at run-time). 2. With the --link-protection-trusted-domains flag. --- patches/series | 1 + patches/trusted-domains.diff | 49 ++++++++++++++++++++++++++++++++++++ src/node/cli.ts | 7 +++++- 3 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 patches/trusted-domains.diff diff --git a/patches/series b/patches/series index 61c801ae9..3f7c5adde 100644 --- a/patches/series +++ b/patches/series @@ -20,3 +20,4 @@ getting-started.diff keepalive.diff clipboard.diff display-language.diff +trusted-domains.diff diff --git a/patches/trusted-domains.diff b/patches/trusted-domains.diff new file mode 100644 index 000000000..98c012e61 --- /dev/null +++ b/patches/trusted-domains.diff @@ -0,0 +1,49 @@ +Allow configuring trusted domains via product.json or flag. + +Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts +=================================================================== +--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts ++++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts +@@ -20,6 +20,7 @@ export const serverOptions: OptionDescri + 'disable-file-uploads': { type: 'boolean' }, + 'disable-getting-started-override': { type: 'boolean' }, + 'locale': { type: 'string' }, ++ 'link-protection-trusted-domains': { type: 'string[]' }, + + /* ----- server setup ----- */ + +@@ -108,6 +109,7 @@ export interface ServerParsedArgs { + 'disable-file-uploads'?: boolean; + 'disable-getting-started-override'?: boolean, + 'locale'?: string ++ 'link-protection-trusted-domains'?: string[], + + /* ----- server setup ----- */ + +Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts +=================================================================== +--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts ++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts +@@ -339,6 +339,14 @@ export class WebClientServer { + scopes: [['user:email'], ['repo']] + } : undefined; + ++ const linkProtectionTrustedDomains: string[] = []; ++ if (this._environmentService.args['link-protection-trusted-domains']) { ++ linkProtectionTrustedDomains.push(...this._environmentService.args['link-protection-trusted-domains']); ++ } ++ if (this._productService.linkProtectionTrustedDomains) { ++ linkProtectionTrustedDomains.push(...this._productService.linkProtectionTrustedDomains); ++ } ++ + const productConfiguration = { + codeServerVersion: this._productService.codeServerVersion, + rootEndpoint: rootBase, +@@ -353,6 +361,7 @@ export class WebClientServer { + telemetryEndpoint: this._productService.telemetryEndpoint, + embedderIdentifier: 'server-distro', + extensionsGallery: this._productService.extensionsGallery, ++ linkProtectionTrustedDomains, + } satisfies Partial; + + if (!this._environmentService.isBuilt) { diff --git a/src/node/cli.ts b/src/node/cli.ts index a07a18b0a..46b479138 100644 --- a/src/node/cli.ts +++ b/src/node/cli.ts @@ -30,7 +30,7 @@ export enum LogLevel { export class OptionalString extends Optional {} /** - * Code flags provided by the user. + * (VS) Code flags provided by the user. */ export interface UserProvidedCodeArgs { "disable-telemetry"?: boolean @@ -54,6 +54,7 @@ export interface UserProvidedCodeArgs { "disable-proxy"?: boolean "session-socket"?: string "abs-proxy-base-path"?: string + "link-protection-trusted-domains"?: string[] } /** @@ -194,6 +195,10 @@ export const options: Options> = { enable: { type: "string[]" }, help: { type: "boolean", short: "h", description: "Show this output." }, json: { type: "boolean" }, + "link-protection-trusted-domains": { + type: "string[]", + description: "Links matching a trusted domain can be opened without link protection.", + }, locale: { // The preferred way to set the locale is via the UI. type: "string",