chore: prettierignore updates and setup-helm upgrade (#5721 )

* chore: update prettierignore * chore: upgrade setup-helm 3.4
release: 4.8.1 (#5722 )
2026-04-16 12:25:03 -05:00 · 2022-10-28 16:15:19 +00:00 · 2022-10-28 08:55:45 -07:00 · 2022-10-26 18:50:08 +00:00 · 2022-10-26 11:20:11 -07:00
10 changed files with 41 additions and 33 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -83,9 +83,8 @@ jobs:

      - name: Install helm
        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: azure/setup-helm@v3.3
+        uses: azure/setup-helm@v3.4
        with:
-          version: "v3.10.1"
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Install helm kubeval plugin
--- a/.prettierignore
+++ b/.prettierignore
@@ -1,4 +1,7 @@
 lib/vscode
+lib/vscode-reh-web-linux-x64
+release-standalone
+release
 helm-chart
 test/scripts
 test/e2e/extensions/test-extension
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,15 @@ Code v99.99.999

 -->

+## [4.8.1](https://github.com/coder/code-server/releases/tag/v4.8.1) - 2022-10-28
+
+Code v1.72.1
+
+### Fixed
+
+- Fixed CSP error introduced in 4.8.0 that caused issues with webviews and most
+  extensions.
+
 ## [4.8.0](https://github.com/coder/code-server/releases/tag/v4.8.0) - 2022-10-24

 Code v1.72.1
--- a/ci/helm-chart/Chart.yaml
+++ b/ci/helm-chart/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.3.0
+version: 3.3.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.8.0
+appVersion: 4.8.1
--- a/ci/helm-chart/values.yaml
+++ b/ci/helm-chart/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1

 image:
  repository: codercom/code-server
-  tag: '4.8.0'
+  tag: '4.8.1'
  pullPolicy: Always

 # Specifies one or more secrets to be used when pulling images from a
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "code-server",
  "license": "MIT",
-  "version": "4.8.0",
+  "version": "4.8.1",
  "description": "Run VS Code on a remote server.",
  "homepage": "https://github.com/coder/code-server",
  "bugs": {
--- a/patches/parent-origin.diff
+++ b/patches/parent-origin.diff
@@ -1,24 +0,0 @@
-Remove parentOriginHash checko
-
-This fixes webviews from not working properly due to a change upstream.
-Upstream added a check to ensure parent authority is encoded into the webview
-origin. Since our webview origin is the parent authority, we can bypass this
-check.
-
-Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-+++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
-@@ -317,6 +317,12 @@ const hostMessaging = new class HostMess
- 		const id = searchParams.get('id');
- 
- 		const hostname = location.hostname;
-+
-+		// It is safe to run if we are on the same host.
-+		const parent = new URL(parentOrigin)
-+		if (parent.hostname == location.hostname) {
-+			return start(parentOrigin)
-+		}
- 
- 		if (!crypto.subtle) {
- 			// cannot validate, not running in a secure context
--- a/patches/telemetry.diff
+++ b/patches/telemetry.diff
@@ -3,7 +3,7 @@ Add support for telemetry endpoint
 To test:
 1. Create a RequestBin - https://requestbin.io/
 2. Run code-server with `CS_TELEMETRY_URL` set: 
-  i.e. `CS_TELEMETRY_URL="https://requestbin.io/1ebub9z1" ./code-server-4.8.0-macos-amd64/bin/code-server`
+  i.e. `CS_TELEMETRY_URL="https://requestbin.io/1ebub9z1" ./code-server-<version>-macos-amd64/bin/code-server`
 3. Load code-server in browser an do things (i.e. open a file)
 4. Refresh RequestBin and you should see logs

--- a/patches/webview.diff
+++ b/patches/webview.diff
@@ -25,6 +25,18 @@ Make sure to update the hash. To do so:
 2. open any webview (i.e. preview Markdown)
 3. see error in console and copy hash

+That will test the hash change in pre/index.html
+
+Double-check the console to make sure there are no console errors for the webWorkerExtensionHostIframe
+which also requires a hash change.
+
+parentOriginHash changes
+
+This fixes webviews from not working properly due to a change upstream.
+Upstream added a check to ensure parent authority is encoded into the webview
+origin. Since our webview origin is the parent authority, we can bypass this
+check.
+
 Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
@@ -54,6 +66,15 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
 +++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
+@@ -5,7 +5,7 @@
+ 	<meta charset="UTF-8">
+ 
+ 	<meta http-equiv="Content-Security-Policy"
+-		content="default-src 'none'; script-src 'sha256-wwaDxsm1+SKIUb5YJXiZlYMyV7QPB8+zd6HPcTjigZs=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+		content="default-src 'none'; script-src 'sha256-IZkGO4jZeUn7pzM6pBZCZc9bUYm8oVNV3z8zEa8gxlk=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+ 
+ 	<!-- Disable pinch zooming -->
+ 	<meta name="viewport"
@@ -331,6 +331,12 @@
 
 				const hostname = location.hostname;
@@ -93,7 +114,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWor
 			default-src 'none';
 			child-src 'self' data: blob:;
 -			script-src 'self' 'unsafe-eval' 'sha256-/r7rqQ+yrxt57sxLuQ6AMYcy/lUpvAIzHjIJt/OeLWU=' https:;
-+			script-src 'self' 'unsafe-eval' 'sha256-wwaDxsm1+SKIUb5YJXiZlYMyV7QPB8+zd6HPcTjigZs=' https:;
+			script-src 'self' 'unsafe-eval' 'sha256-TkIM/TmudlFEe0ZRp0ptvN54LClwk30Rql4ZPE0hm/I=' https:;
 			connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
 	</head>
 	<body>
--- a/test/unit/node/test-plugin/package.json
+++ b/test/unit/node/test-plugin/package.json
@@ -3,7 +3,7 @@
  "name": "test-plugin",
  "version": "1.0.0",
  "engines": {
-    "code-server": "^4.8.0"
+    "code-server": "^4.8.1"
  },
  "main": "out/index.js",
  "devDependencies": {
Author	SHA1	Message	Date
Joe Previte	ca182b9fb5	chore: prettierignore updates and setup-helm upgrade (#5721 ) * chore: update prettierignore * chore: upgrade setup-helm 3.4	2022-10-28 16:15:19 +00:00
Joe Previte	cc8ce3b3c6	release: 4.8.1 (#5722 ) * chore(release): bump version to 4.8.1 * chore: bump helm-chart * chore: update CHANGELOG	2022-10-28 08:55:45 -07:00
Joe Previte	ba44f6cc97	release: 4.8.1-rc.1 (#5713 ) * chore(release): bump version to 4.8.1 * fixup * revert: don't change to 4.8.1	2022-10-26 18:50:08 +00:00
Joe Previte	e6d2d72f9c	fix: CSP and webview errors (#5712 ) * fix: update hashes in webview patch We missed a hash update and also had the wrong hash for another HTML file which caused issues in 4.8.0. * refactor: move parent-origin into webview	2022-10-26 11:20:11 -07:00