Compare commits

..

1 Commits

Author SHA1 Message Date
cdrci
48d57a5b64 Update Code to 1.128.1 2026-07-14 21:25:54 +00:00
9 changed files with 87 additions and 97 deletions

View File

@@ -1 +1 @@
24.18.0 24.17.0

View File

@@ -22,12 +22,6 @@ Code v99.99.999
## Unreleased ## Unreleased
Code v1.129.0
### Changed
- Update to Code 1.129.0
## [4.128.0](https://github.com/coder/code-server/releases/tag/v4.128.0) - 2026-07-11 ## [4.128.0](https://github.com/coder/code-server/releases/tag/v4.128.0) - 2026-07-11
Code v1.128.0 Code v1.128.0

View File

@@ -4,7 +4,7 @@ set -Eeuo pipefail
function unapply_patches() { function unapply_patches() {
local -i exit_code=0 local -i exit_code=0
quiet quilt pop -af 2>&1 || exit_code=$? quiet quilt pop -af || exit_code=$?
case $exit_code in case $exit_code in
# Sucessfully unapplied. # Sucessfully unapplied.
0) ;; 0) ;;
@@ -15,19 +15,6 @@ function unapply_patches() {
esac esac
} }
function apply_patches() {
local -i exit_code=0
quiet quilt push -a 2>&1 || exit_code=$?
case $exit_code in
# Sucessfully applied.
0) ;;
# No more patches to apply.
2) ;;
# Some error.
*) return $exit_code ;;
esac
}
function update_vscode() { function update_vscode() {
pushd lib/vscode pushd lib/vscode
if ! git checkout 2>&1 "$target_vscode_version" ; then if ! git checkout 2>&1 "$target_vscode_version" ; then
@@ -41,8 +28,8 @@ function update_vscode() {
function refresh_patches() { function refresh_patches() {
local -i exit_code=0 local -i exit_code=0
while quiet quilt push 2>&1 ; ! (( exit_code=$? )) ; do while quiet quilt push ; ! (( exit_code=$? )) ; do
quilt refresh 2>&1 quilt refresh
done done
case $exit_code in case $exit_code in
# No more patches to apply. # No more patches to apply.
@@ -69,41 +56,50 @@ function get-webview-script-hash() {
local html local html
html=$(<"$1") html=$(<"$1")
local start_tag='<script async type="module">' local start_tag='<script async type="module">'
if [[ $file == */webWorkerExtensionHostIframe.html ]] ; then
start_tag='<script>'
fi
local end_tag="</script>" local end_tag="</script>"
html=${html##*"$start_tag"} html=${html##*"$start_tag"}
html=${html%%"$end_tag"*} html=${html%%"$end_tag"*}
echo -n "$html" | openssl sha256 -binary | openssl base64 echo -n "$html" | openssl sha256 -binary | openssl base64
} }
function delete_csp() {
quilt delete csp-hashes.diff
}
function update_csp() { function update_csp() {
apply_patches local current
current=$(quilt top 2>/dev/null || echo "")
local files=( local patch_action=""
./lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html echo "Currently at ${current:-base}"
./lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html if [[ $current != */webview.diff ]] ; then
) echo "Moving to patches/webview.diff..."
local -i exit_code=0
quilt new csp-hashes.diff if quilt applied 2>/dev/null | grep --quiet webview.diff ; then
quiet quilt pop webview || exit_code=$?
local file patch_action=pop
for file in "${files[@]}" ; do else
quilt add "$file" quiet quilt push webview || exit_code=$?
patch_action=push
local hash fi
hash=$(get-webview-script-hash "$file") case $exit_code in
echo "Calculated hash as $hash" # Successfully moved.
# Use octothorpe as a delimiter since the hash may contain a slash. 0) ;;
sed -i.bak "s#'sha256-[^']\+'#'sha256-$hash'#" "$file" # Some error.
done *) return $exit_code ;;
esac
fi
local file=lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
local hash
hash=$(get-webview-script-hash "$file")
echo "Calculated hash as $hash"
# Use octothorpe as a delimiter since the hash may contain a slash.
sed -i.bak "s#script-src 'sha256-[^']\+'#script-src 'sha256-$hash'#" "$file"
quilt refresh quilt refresh
if [[ $patch_action != "" ]] ; then
echo "Moving back to ${current:-base}..."
case $patch_action in
pop) quiet quilt push "$current" ;;
push) quiet quilt pop "${current:--a}" ;;
esac
fi
} }
function add_changelog() { function add_changelog() {
@@ -124,9 +120,6 @@ function main() {
declare -a steps declare -a steps
# Hashes are always regenerated to avoid having to resolve conflicts..
steps+=("Revert CSP hashes" "delete_csp")
# If version is not set, assume we are already at the target version and the # If version is not set, assume we are already at the target version and the
# user is just trying to resolve conflics. # user is just trying to resolve conflics.
local target_vscode_version local target_vscode_version
@@ -148,7 +141,7 @@ function main() {
steps+=( steps+=(
"Update Node version" "update_node" "Update Node version" "update_node"
"Regenerate CSP hashes" "update_csp" "Update CSP webview hash" "update_csp"
"Add changelog note" "add_changelog" "Add changelog note" "add_changelog"
) )

View File

@@ -85,20 +85,18 @@ run-steps() {
while (( $# )) ; do while (( $# )) ; do
local name=$1 ; shift local name=$1 ; shift
local fn=$1 ; shift local fn=$1 ; shift
echo "$name..."
# Only run if an earlier step has not failed. # Only run if an earlier step has not failed.
# For all failed steps, write out an empty checkbox.
if [[ $failed == 0 ]] ; then if [[ $failed == 0 ]] ; then
echo "$name..."
if $fn | indent ; then if $fn | indent ; then
echo "- [X] $name" >> .cache/checklist echo "- [X] $name" >> .cache/checklist
else else
((failed++)) ((failed++))
echo "- [-] $name" >> .cache/checklist
echo "Failed" | indent
fi fi
else fi
# For all failed steps, write out an empty checkbox.
if [[ $failed != 0 ]] ; then
echo "- [ ] $name" >> .cache/checklist echo "- [ ] $name" >> .cache/checklist
echo "Skipped" | indent
fi fi
done done
if [[ $failed != 0 ]] ; then if [[ $failed != 0 ]] ; then

View File

@@ -1,26 +0,0 @@
Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
@@ -5,7 +5,7 @@
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy"
- content="default-src 'none'; script-src 'sha256-nXjtuhBilO++r8hfxl5VjEScSmdm07wDAk6jw228DgM=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+ content="default-src 'none'; script-src 'sha256-A6/szVNdTzyi4hDa+9OLbzS8tSd2iUV4CqimLNWex2Y=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
<!-- Disable pinch zooming -->
<meta name="viewport"
Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
+++ code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
@@ -4,7 +4,7 @@
<meta http-equiv="Content-Security-Policy" content="
default-src 'none';
child-src 'self' data: blob:;
- script-src 'self' 'unsafe-eval' 'sha256-daEgfo2VIXpx2Np71KqCCbkeQwv+68vPrx54XRcbdcs=' https: http://localhost:* blob:;
+ script-src 'self' 'unsafe-eval' 'sha256-gfjiOVjAlxqrivZAfTq2d83mOaz0fnAxbGaFpj5IjD8=' https: http://localhost:* blob:;
connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
</head>
<body>

View File

@@ -10,17 +10,18 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extens
=================================================================== ===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
+++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts +++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
@@ -324,6 +324,10 @@ function extensionDescriptionArrayToMap( @@ -321,10 +321,7 @@ function extensionDescriptionArrayToMap(
} }
export function isProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): boolean { export function isProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): boolean {
+ return true; - if (!extension.enabledApiProposals) {
+} - return false;
+ - }
+export function _isProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): boolean { - return true;// extension.enabledApiProposals.includes(proposal);
if (!extension.enabledApiProposals) { + return true
return false; }
}
export function checkProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): void {
Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts
=================================================================== ===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensionsProposedApi.ts

View File

@@ -24,4 +24,3 @@ trusted-domains.diff
signature-verification.diff signature-verification.diff
copilot.diff copilot.diff
app-name.diff app-name.diff
csp-hashes.diff

View File

@@ -3,6 +3,9 @@ Serve webviews from the same origin
Normally webviews are served from vscode-webview.net but we would rather them be Normally webviews are served from vscode-webview.net but we would rather them be
self-hosted. self-hosted.
When doing this CSP will block resources (for example when viewing images) so
add 'self' to the CSP to fix that.
Additionally the service worker defaults to handling *all* requests made to the Additionally the service worker defaults to handling *all* requests made to the
current host but when self-hosting the webview this will end up including the current host but when self-hosting the webview this will end up including the
webview HTML itself which means these requests will fail since the communication webview HTML itself which means these requests will fail since the communication
@@ -17,6 +20,16 @@ webview host is separate by default but we serve on the same host).
To test, open a few types of webviews (images, markdown, extension details, etc). To test, open a few types of webviews (images, markdown, extension details, etc).
Make sure to update the hash. To do so:
1. run code-server
2. open any webview (i.e. preview Markdown)
3. see error in console and copy hash
That will test the hash change in pre/index.html
Double-check the console to make sure there are no console errors for the webWorkerExtensionHostIframe
which also requires a hash change.
parentOriginHash changes parentOriginHash changes
This fixes webviews from not working properly due to a change upstream. This fixes webviews from not working properly due to a change upstream.
@@ -53,6 +66,15 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
=================================================================== ===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html +++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
@@ -5,7 +5,7 @@
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy"
- content="default-src 'none'; script-src 'sha256-nXjtuhBilO++r8hfxl5VjEScSmdm07wDAk6jw228DgM=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+ content="default-src 'none'; script-src 'sha256-A6/szVNdTzyi4hDa+9OLbzS8tSd2iUV4CqimLNWex2Y=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
<!-- Disable pinch zooming -->
<meta name="viewport"
@@ -253,7 +253,7 @@ @@ -253,7 +253,7 @@
} }
@@ -79,8 +101,17 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWor
=================================================================== ===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html --- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
+++ code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html +++ code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
@@ -34,6 +34,13 @@ @@ -4,7 +4,7 @@
} <meta http-equiv="Content-Security-Policy" content="
default-src 'none';
child-src 'self' data: blob:;
- script-src 'self' 'unsafe-eval' 'sha256-cl8ijlOzEe+0GRCQNJQu2k6nUQ0fAYNYIuuKEm72JDs=' https: http://localhost:* blob:;
+ script-src 'self' 'unsafe-eval' 'sha256-yhZXuB8LS6t73dvNg6rtLX8y4PHLnqRm5+6DdOGkOcw=' https: http://localhost:* blob:;
connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
</head>
<body>
@@ -25,6 +25,13 @@
// validation not requested
return start(); return start();
} }
+ +