always on trusted-types for yarn web, fyi @bpasero

2026-04-25 02:58:56 +01:00 · 2021-01-28 11:26:50 +01:00
parent 03902d4841
commit ee4516a485
1 changed files with 4 additions and 8 deletions
--- a/resources/web/code-web.js
+++ b/resources/web/code-web.js
@@ -46,7 +46,6 @@ const args = minimist(process.argv, {
 		'verbose',
 		'wrap-iframe',
 		'enable-sync',
-		'trusted-types'
 	],
 	string: [
 		'scheme',
@@ -63,7 +62,6 @@ if (args.help) {
 		'yarn web [options]\n' +
 		' --no-launch      Do not open VSCode web in the browser\n' +
 		' --wrap-iframe    Wrap the Web Worker Extension Host in an iframe\n' +
-		' --trusted-types  Enable trusted types (report only)\n' +
 		' --enable-sync    Enable sync by default\n' +
 		' --scheme         Protocol (https or http)\n' +
 		' --host           Remote host\n' +
@@ -435,12 +433,10 @@ async function handleRoot(req, res) {
 		.replace('{{WORKBENCH_AUTH_SESSION}}', () => authSessionInfo ? escapeAttribute(JSON.stringify(authSessionInfo)) : '')
 		.replace('{{WEBVIEW_ENDPOINT}}', '');

-
-	const headers = { 'Content-Type': 'text/html' };
-	if (args['trusted-types']) {
-		headers['Content-Security-Policy-Report-Only'] = 'require-trusted-types-for \'script\';';
-	}
-
+	const headers = {
+		'Content-Type': 'text/html',
+		'Content-Security-Policy': 'require-trusted-types-for \'script\';'
+	};
 	res.writeHead(200, headers);
 	return res.end(data);
 }