feat: expose sharedSessionCookies on WebviewOptions#27
Open
ibetitsmike wants to merge 1 commit intomainfrom
Open
feat: expose sharedSessionCookies on WebviewOptions#27ibetitsmike wants to merge 1 commit intomainfrom
ibetitsmike wants to merge 1 commit intomainfrom
Conversation
Add a new sharedSessionCookies option to vscode.WebviewOptions that allows extension-authored desktop webviews to send existing Electron session cookies to explicitly allowlisted external origins. - Add sharedSessionCookies to the public API (vscode.d.ts) - Plumb through ext-host serialization, protocol, and main-thread revival - Add normalizeSharedSessionCookies helper with origin validation - Update areWebviewContentOptionsEqual for the new field - Propagate policy to preload index.html and service worker - Service worker intercepts allowlisted external-origin requests with credentials: 'include' - Add tests for serialization, equality, and cookie policy validation - Desktop/Electron only; browser/web builds safely ignore the option
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a new
sharedSessionCookiesoption tovscode.WebviewOptionsso extension-authored desktop webviews can send VS Code's existing Electron session cookies to explicitly allowlisted external origins.Changes
sharedSessionCookies?: { allowedOrigins: readonly string[] }onWebviewOptionsinvscode.d.tsIWebviewContentOptions, ext-host serialization, main-thread revival, and internalWebviewContentOptionsall carry the new fieldnormalizeSharedSessionCookiesvalidates/normalizes origins (HTTPS-only except localhost, dedupes, rejects paths/credentials/wildcards)index.htmlforwards the policy to the service worker; service worker intercepts allowlisted external-origin requests withcredentials: 'include'