From de010f538c3ea6f6db4067e099926786bb82beb3 Mon Sep 17 00:00:00 2001
From: Matt Bierner <matb@microsoft.com>
Date: Wed, 23 Oct 2019 11:56:19 -0700
Subject: [PATCH] Only use endpoint origin when rewriting csp in webviews

---
 src/vs/workbench/contrib/webview/browser/pre/main.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/vs/workbench/contrib/webview/browser/pre/main.js b/src/vs/workbench/contrib/webview/browser/pre/main.js
index 3585d8b83eb..e137096b81a 100644
--- a/src/vs/workbench/contrib/webview/browser/pre/main.js
+++ b/src/vs/workbench/contrib/webview/browser/pre/main.js
@@ -308,7 +308,12 @@
 			} else {
 				// Rewrite vscode-resource in csp
 				if (data.endpoint) {
-					csp.setAttribute('content', csp.getAttribute('content').replace(/vscode-resource:/g, data.endpoint));
+					try {
+						const endpointUrl = new URL(data.endpoint);
+						csp.setAttribute('content', csp.getAttribute('content').replace(/vscode-resource:(?=(\s|;|$))/g, endpointUrl.origin));
+					} catch (e) {
+						console.error('Could not rewrite csp');
+					}
 				}
 			}
 
-- 
GitLab