Add CSP To Root Document (#28670)

* Add CSP To Root Document Adds a content security policy to the root vscode document. This limits what can be loaded. Important changes: * Connect-src is limited to `self` or `https:` * script-src is limited to `self` * object and child-src are limited to `self` * Media allows `self` `http` `https` and `data` * Add preload to gulp * Default to none * Don't use let in preload
2026-05-08 09:08:48 +01:00 · 2017-06-15 13:04:08 -07:00
parent c2d0d459cc
commit 69fd57e4dc
3 changed files with 43 additions and 36 deletions
@@ -214,7 +214,8 @@ function packageTask(platform, arch, opts) {
 			'vs/workbench/electron-browser/workbench.main.js',
 			'vs/workbench/electron-browser/workbench.main.css',
 			'vs/workbench/electron-browser/bootstrap/index.html',
-			'vs/workbench/electron-browser/bootstrap/index.js'
+			'vs/workbench/electron-browser/bootstrap/index.js',
+			'vs/workbench/electron-browser/bootstrap/preload.js'
 		]);

 		const src = gulp.src(out + '/**', { base: '.' })