fix: add local-network-access to iframe permissions policy
Issue: Support new local-network-access permissions po... (gitlab#582805)
What does this MR do and why?
- Updates the VSCode Fork in the Web IDE to apply the fix fix: add local-network-access to iframe permiss... (gitlab-web-ide-vscode-fork!134 - merged).
- Adds
local-network-accesspermission to workbench iframe. - Converts the fetch request that tests CORS rules in the GitLab instance into a "non-simple" request.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
You have to test these changes in the GDK to have the mix of private/public network when using .cdn.gitlab-static.net. Follow the instructions in the MR to test the changes gitlab!215231 (closed).
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
You have to test these changes in the GDK to have the mix of private/public network when using .cdn.gitlab-static.net. Follow the instructions in the MR to test the changes gitlab!215231 (closed).
References
- VSCode upstream fix: https://github.com/microsoft/vscode/pull/278185
- Chrome development blog: https://developer.chrome.com/blog/local-network-access
- Independent blog post: https://www.paulserban.eu/blog/post/demystifying-nested-iframes-and-the-allowlocal-network-access-attribute-in-chrome/