fix: add local-network-access to iframe permissions policy (!134) · Merge requests · GitLab.org / gitlab-web-ide-vscode-fork

Description

Web views are broken in the Web IDE when a GitLab instance is hosted in a private network (e.g. the GDK) and web views are served from .cdn.web-ide.gitlab-static.net. This only happens in Google Chrome and it happens because the most recent version of Chrome enforces a local network access policy that requires iframes to declare permissions to obtain resources from a private network.

This bug was also fixed in VSCode upstream (see references).

How to test these changes?

We have to test this bug fix in the GDK where it's easier to reproduce the bug. Follow the instructions in the gitlab-org/gitlab MR: gitlab!215231 (closed).

gitlab#582805

References

VSCode upstream fix: https://github.com/microsoft/vscode/pull/278185
Chrome development blog: https://developer.chrome.com/blog/local-network-access
Independent blog post: https://www.paulserban.eu/blog/post/demystifying-nested-iframes-and-the-allowlocal-network-access-attribute-in-chrome/

Edited Dec 05, 2025 by Enrique Alcántara

fix: add local-network-access to iframe permissions policy

Description

How to test these changes?

Related issues

References

Merge request reports