Account for Windows and MSFT Edge limitations when loading WebViews #42
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
breedloj
reviewed
Sep 26, 2024
Comment on lines
66
to
68
| if (platform == PluginPlatform.WINDOWS) { | ||
| return; | ||
| } |
There was a problem hiding this comment.
Let's try checking for a POSIX compatible file system for a more robust check:
public static boolean hasPosixFilePermissions(Path path) {
return path.getFileSystem().supportedFileAttributeViews().contains("posix");
}
| if (platform == PluginPlatform.WINDOWS) { | ||
| return SWT.EDGE; | ||
| } | ||
| return SWT.NATIVE; |
There was a problem hiding this comment.
Let's make the default explicitly SWT.WEBKIT. The other types seem to be deprecated but we don't want to leave the mapping up to chance.
| * @param jsPath | ||
| * @return server launched | ||
| */ | ||
| protected Server setupVirtualServer(final String jsPath) { |
There was a problem hiding this comment.
My preference would be for this piece to live in a separate class that abstracts away the internal Server - could be WebviewAssetServer with a resolve(path) method (and stop).
There was a problem hiding this comment.
I like the idea. Updated
| protected Server setupVirtualServer(final String jsPath) { | ||
| Server server = null; | ||
| try { | ||
| server = new Server(0); |
breedloj
approved these changes
Sep 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
This change introduces some updates to account for development limitations when using WebViews in Eclipse with Windows and MSFT Edge as the backing browser technology.
Changes:
In addition some security recommendations has been added for chat webview CSP meta
default-src 'none';- By default, do not allow any resources to loadscript-src {javascriptFilePath} 'unsafe-inline'- Allow inline JS to load in http://{virtualhost}/amazonq-ui.js, which is required for mynah-ui to runstyle-src {javascriptFilePath} 'unsafe-inline';- Allow inline css to load in http://{virtualhost}/amazonq-ui.js, which is required for mynah-ui to runimg-src 'self' data:- Allow inline images (svg in particular) that start with data: to load in the same originobject-src 'none'; base-uri 'none';recommended by security internallyBy submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.