Disable loading system certificates from Node.js by default (#277838)

Christof Marti
2025-11-17 21:13:03 +01:00
parent 94e1d14d5a
commit 2d19cfa394
3 changed files with 8 additions and 6 deletions


@@ -160,6 +160,8 @@ export const USER_LOCAL_AND_REMOTE_SETTINGS = [
'http.experimental.networkInterfaceCheckInterval',
];
export const systemCertificatesNodeDefault = false;
let proxyConfiguration: IConfigurationNode[] = [];
let previousUseHostProxy: boolean | undefined = undefined;
let previousUseHostProxyDefault: boolean | undefined = undefined;
@@ -262,7 +264,7 @@ function registerProxyConfigurations(useHostProxy = true, useHostProxyDefault =
'http.systemCertificatesNode': {
type: 'boolean',
tags: ['experimental'],
default: true,
default: systemCertificatesNodeDefault,
markdownDescription: localize('systemCertificatesNode', "Controls whether system certificates should be loaded using Node.js built-in support. Reload the window after changing this setting. When during [remote development](https://aka.ms/vscode-remote) the {0} setting is disabled this setting can be configured in the local and the remote settings separately.", '`#http.useLocalProxyConfiguration#`'),
restricted: true,
experiment: {
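Review bot: The new export `systemCertificatesNodeDefault` carries no comment, although it now sets the default for where trusted root certificates are loaded from: the setting schema here, `loadCertificates` in the node request service, and two lookups in `connectProxyResolver`. I would add `/** Default for 'http.systemCertificatesNode'; shared by the setting schema and the runtime fallbacks so they cannot drift apart. */` above it. The `experiment:` entry after the changed `default:` line continues outside the hunk, as does `registerProxyConfigurations` itself, so it is not visible here whether an experiment can still enable the setting for some users. If it can, the commit description should say so, since the effective default, not only the registered one, determines which certificate source TLS validation uses.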


@@ -17,7 +17,7 @@ import { IConfigurationService } from '../../configuration/common/configuration.
import { INativeEnvironmentService } from '../../environment/common/environment.js';
import { getResolvedShellEnv } from '../../shell/node/shellEnv.js';
import { ILogService } from '../../log/common/log.js';
import { AbstractRequestService, AuthInfo, Credentials, IRequestService } from '../common/request.js';
import { AbstractRequestService, AuthInfo, Credentials, IRequestService, systemCertificatesNodeDefault } from '../common/request.js';
import { Agent, getProxyAgent } from './proxy.js';
import { createGunzip } from 'zlib';
@@ -120,7 +120,7 @@ export class RequestService extends AbstractRequestService implements IRequestSe
async loadCertificates(): Promise<string[]> {
const proxyAgent = await import('@vscode/proxy-agent');
return proxyAgent.loadSystemCertificates({
loadSystemCertificatesFromNode: () => this.getConfigValue<boolean>('http.systemCertificatesNode', true),
loadSystemCertificatesFromNode: () => this.getConfigValue<boolean>('http.systemCertificatesNode', systemCertificatesNodeDefault),
log: this.logService,
});
}


@@ -12,7 +12,7 @@ import { URI } from '../../../base/common/uri.js';
import { ILogService, LogLevel as LogServiceLevel } from '../../../platform/log/common/log.js';
import { IExtensionDescription } from '../../../platform/extensions/common/extensions.js';
import { LogLevel, createHttpPatch, createProxyResolver, createTlsPatch, ProxySupportSetting, ProxyAgentParams, createNetPatch, loadSystemCertificates, ResolveProxyWithRequest } from '@vscode/proxy-agent';
import { AuthInfo } from '../../../platform/request/common/request.js';
import { AuthInfo, systemCertificatesNodeDefault } from '../../../platform/request/common/request.js';
import { DisposableStore } from '../../../base/common/lifecycle.js';
import { createRequire } from 'node:module';
import type * as undiciType from 'undici-types';
@@ -54,7 +54,7 @@ export function connectProxyResolver(
isAdditionalFetchSupportEnabled: () => getExtHostConfigValue<boolean>(configProvider, isRemote, 'http.fetchAdditionalSupport', true),
addCertificatesV1: () => certSettingV1(configProvider, isRemote),
addCertificatesV2: () => certSettingV2(configProvider, isRemote),
loadSystemCertificatesFromNode: () => getExtHostConfigValue<boolean>(configProvider, isRemote, 'http.systemCertificatesNode', true),
loadSystemCertificatesFromNode: () => getExtHostConfigValue<boolean>(configProvider, isRemote, 'http.systemCertificatesNode', systemCertificatesNodeDefault),
log: extHostLogService,
getLogLevel: () => {
const level = extHostLogService.getLevel();
@@ -79,7 +79,7 @@ export function connectProxyResolver(
return intervalSeconds * 1000;
},
loadAdditionalCertificates: async () => {
const useNodeSystemCerts = getExtHostConfigValue<boolean>(configProvider, isRemote, 'http.systemCertificatesNode', true);
const useNodeSystemCerts = getExtHostConfigValue<boolean>(configProvider, isRemote, 'http.systemCertificatesNode', systemCertificatesNodeDefault);
const promises: Promise<string[]>[] = [];
if (isRemote) {
promises.push(loadSystemCertificates({
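Review bot: The same lookup of `'http.systemCertificatesNode'` with the `systemCertificatesNodeDefault` fallback is written out twice in `connectProxyResolver`: once for the `loadSystemCertificatesFromNode` callback and once for `useNodeSystemCerts` inside `loadAdditionalCertificates`. A local helper such as `const useNodeSystemCertificates = () => getExtHostConfigValue<boolean>(configProvider, isRemote, 'http.systemCertificatesNode', systemCertificatesNodeDefault);`, used at both places, would keep the key and its fallback in one spot. That way a later change to the trust-store default cannot be applied to one path and missed on the other. `connectProxyResolver` starts and ends outside the hunks shown, so other reads of the setting in that function, if any, are not visible here.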