feature: remove deprecated frame ancestors (#110)

lvce-editor · Dec 23, 2024 · 033fdd7 · 033fdd7
1 parent b4e5063
commit 033fdd7
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 63 deletions.
diff --git a/package.json b/package.json
@@ -119,7 +119,7 @@
     "collectCoverage": true,
     "coverageThreshold": {
       "global": {
-        "branches": 46,
+        "branches": 45,
         "functions": 39,
         "lines": 57
       }

diff --git a/src/parts/CreateWebViewServerHandler/CreateWebViewServerHandler.ts b/src/parts/CreateWebViewServerHandler/CreateWebViewServerHandler.ts
@@ -5,12 +5,7 @@ import * as GetResponse from '../GetResponse/GetResponse.ts'
 import * as SendResponse from '../SendResponse/SendResponse.ts'
 
 // TODO deprecated frame ancestors
-export const createHandler = (
-  frameAncestors: string,
-  webViewRoot: string,
-  contentSecurityPolicy: string,
-  iframeContent: string,
-): any => {
+export const createHandler = (webViewRoot: string, contentSecurityPolicy: string, iframeContent: string): any => {
   if (webViewRoot && webViewRoot.startsWith('file://')) {
     webViewRoot = fileURLToPath(webViewRoot)
   }
@@ -20,14 +15,7 @@ export const createHandler = (
       pathName += 'index.html'
     }
     const range = request.headers.range
-    const result = await GetResponse.getResponse(
-      pathName,
-      frameAncestors,
-      webViewRoot,
-      contentSecurityPolicy,
-      iframeContent,
-      range,
-    )
+    const result = await GetResponse.getResponse(pathName, webViewRoot, contentSecurityPolicy, iframeContent, range)
     await SendResponse.sendResponse(response, result)
   }
 

diff --git a/src/parts/GetContentSecurityPolicyDocument/GetContentSecurityPolicyDocument.ts b/src/parts/GetContentSecurityPolicyDocument/GetContentSecurityPolicyDocument.ts
@@ -1,16 +1,3 @@
-import * as GetContentSecurityPolicy from '../GetContentSecurityPolicy/GetContentSecurityPolicy.ts'
-
-export const getContentSecurityPolicyDocument = (frameAncestors: string, contentSecurityPolicy: string): string => {
-  if (contentSecurityPolicy) {
-    return contentSecurityPolicy
-  }
-  const csp = GetContentSecurityPolicy.getContentSecurityPolicy([
-    "default-src 'none'",
-    "script-src 'self'",
-    "style-src 'self'",
-    "img-src 'self' https:",
-    "media-src 'self'",
-    `frame-ancestors ${frameAncestors}`,
-  ])
-  return csp
+export const getContentSecurityPolicyDocument = (contentSecurityPolicy: string): string => {
+  return contentSecurityPolicy
 }
diff --git a/src/parts/GetResponse/GetResponse.ts b/src/parts/GetResponse/GetResponse.ts
@@ -5,7 +5,6 @@ import * as ResolveFilePath from '../ResolveFilePath/ResolveFilePath.ts'
 
 export const getResponse = async (
   pathName: string,
-  frameAncestors: string,
   webViewRoot: string,
   contentSecurityPolicy: string,
   iframeContent: string,
@@ -14,7 +13,7 @@ export const getResponse = async (
   const filePath = ResolveFilePath.resolveFilePath(pathName, webViewRoot)
   const isHtml = filePath.endsWith('index.html')
   if (isHtml) {
-    return HandleIndexHtml.handleIndexHtml(filePath, frameAncestors, contentSecurityPolicy, iframeContent)
+    return HandleIndexHtml.handleIndexHtml(filePath, contentSecurityPolicy, iframeContent)
   }
   if (filePath.endsWith('preview-injected.js')) {
     return HandlePreviewInjected.handlePreviewInjected()

diff --git a/src/parts/HandleIndexHtml/HandleIndexHtml.ts b/src/parts/HandleIndexHtml/HandleIndexHtml.ts
@@ -7,12 +7,11 @@ import * as InjectPreviewScript from '../InjectPreviewScript/InjectPreviewScript
 
 export const handleIndexHtml = async (
   filePath: string,
-  frameAncestors: string,
   contentSecurityPolicy: string,
   iframeContent: string,
 ): Promise<Response> => {
   try {
-    const csp = GetContentSecurityPolicyDocument.getContentSecurityPolicyDocument(frameAncestors, contentSecurityPolicy)
+    const csp = GetContentSecurityPolicyDocument.getContentSecurityPolicyDocument(contentSecurityPolicy)
     const contentType = GetContentType.getContentType(filePath)
     const headers = {
       [HttpHeader.CrossOriginResourcePolicy]: 'cross-origin',

diff --git a/src/parts/SetWebViewServerHandler/SetWebViewServerHandler.ts b/src/parts/SetWebViewServerHandler/SetWebViewServerHandler.ts
@@ -9,6 +9,6 @@ export const setWebViewServerHandler = (
   iframeContent: string,
 ): void => {
   const server = WebViewServerState.get(id)
-  const handler = CreateWebViewServerHandler.createHandler(frameAncestors, webViewRoot, contentSecurityPolicy, iframeContent)
+  const handler = CreateWebViewServerHandler.createHandler(webViewRoot, contentSecurityPolicy, iframeContent)
   server.setHandler(handler)
 }
diff --git a/test/GetContentSecurityPolicyDocument.test.ts b/test/GetContentSecurityPolicyDocument.test.ts
@@ -2,34 +2,7 @@ import { expect, test } from '@jest/globals'
 import * as GetContentSecurityPolicyDocument from '../src/parts/GetContentSecurityPolicyDocument/GetContentSecurityPolicyDocument.js'
 
 test('getContentSecurityPolicyDocument - with frame ancestors', () => {
-  const frameAncestors = 'vscode-webview://*'
   const contentSecurityPolicy =
     "default-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
-  expect(GetContentSecurityPolicyDocument.getContentSecurityPolicyDocument(frameAncestors, contentSecurityPolicy)).toBe(
-    "default-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';",
-  )
-})
-
-test('getContentSecurityPolicyDocument - empty frame ancestors', () => {
-  const frameAncestors = ''
-  const contentSecurityPolicy = "default-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline';"
-  expect(GetContentSecurityPolicyDocument.getContentSecurityPolicyDocument(frameAncestors, contentSecurityPolicy)).toBe(
-    "default-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline';",
-  )
-})
-
-test('getContentSecurityPolicyDocument - empty content security policy', () => {
-  const frameAncestors = 'vscode-webview://*'
-  const contentSecurityPolicy = ''
-  expect(GetContentSecurityPolicyDocument.getContentSecurityPolicyDocument(frameAncestors, contentSecurityPolicy)).toBe(
-    "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' https:; media-src 'self'; frame-ancestors vscode-webview://*;",
-  )
-})
-
-test('getContentSecurityPolicyDocument - both empty', () => {
-  const frameAncestors = ''
-  const contentSecurityPolicy = ''
-  expect(GetContentSecurityPolicyDocument.getContentSecurityPolicyDocument(frameAncestors, contentSecurityPolicy)).toBe(
-    "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' https:; media-src 'self'; frame-ancestors ;",
-  )
+  expect(GetContentSecurityPolicyDocument.getContentSecurityPolicyDocument(contentSecurityPolicy)).toBe(contentSecurityPolicy)
 })