diff --git a/docs/docs/env-vars.md b/docs/docs/env-vars.md index 9c12b66a..1b49ea55 100644 --- a/docs/docs/env-vars.md +++ b/docs/docs/env-vars.md @@ -16,6 +16,8 @@ CodeRoad has a number of configurations: - `CODEROAD_ADMIN_MODE` - a mode for tutorial developers. Under the "Review" page, you can jump around between levels & steps to test development. Defaults `false`. +- `CODEROAD_CONTENT_SECURITY_POLICY_EXEMPTIONS` - a list of CSP exemption hashes. For multiples, separate the list with a space. + ## How to Use Variables ### Local diff --git a/src/environment.ts b/src/environment.ts index 3ea84864..8b7f5f3f 100644 --- a/src/environment.ts +++ b/src/environment.ts @@ -38,3 +38,8 @@ if (!supportedOS.includes(OS_PLATFORM)) { export const TUTORIAL_URL: string | null = process.env.CODEROAD_TUTORIAL_URL || null export const DISABLE_RUN_ON_SAVE = (process.env.CODEROAD_DISABLE_RUN_ON_SAVE || '').toLowerCase() === 'true' + +// bypass "Refused to execute inline script because it violates the following Content Security Policy directive" issue +// for multiple exemptions, separate each with a space "a1 b1" +export const CONTENT_SECURITY_POLICY_EXEMPTIONS: string | null = + process.env.CODEROAD_CONTENT_SECURITY_POLICY_EXEMPTIONS || null diff --git a/src/services/webview/render.ts b/src/services/webview/render.ts index 3ebef8a5..b157b167 100644 --- a/src/services/webview/render.ts +++ b/src/services/webview/render.ts @@ -2,6 +2,7 @@ import { JSDOM } from 'jsdom' import * as path from 'path' import * as vscode from 'vscode' import { onError } from '../telemetry' +import { CONTENT_SECURITY_POLICY_EXEMPTIONS } from '../../environment' const getNonce = (): string => { let text = '' @@ -46,6 +47,13 @@ async function render(panel: vscode.WebviewPanel, rootPath: string): Promise