Fix CORS headers for GDK serving Web IDE assets
MR: Update workhorse to allow gitlab-static.net CORS (!152070 - merged)
Description
The best fix for this issue is to require the servers serving the Web IDE assets have appropriate
Allow-Cross-Origin-Request
headers set whenever the GitLab instance is wishing to enable the Extension Marketplace in the Web IDE.
The Web IDE requires CORS headers for the server serving up the Web IDE assets. The extension host, which happens on a separate origin for security reasons, needs to be able to request and receive these assets.
It is not consistent how Frontend assets are served in a GitLab instance. We've solved this CORS issues specifically for .com
, and we will need to find a common solution for most self-managed instances. We'll open a follow-up for documenting the CORS requirements.
Acceptance Criteria
-
Web IDE works out-of-the-box in GDK environment