[Web IDE] Use .cdn.web-ide.gitlab-static.net to load Web IDE's VSCode workbench in online self-managed instances

MRs:

Description

Use Web IDE's VSCode workbench deployed on .cdn.web-ide.gitlab-static.net in GitLab self-managed instances that have network access to .cdn.web-ide.gitlab-static.net server.

Why

GitLab self-managed instances already use .cdn.web-ide.gitlab-static.net to isolate extensions and web views on a separate origin/domain. This issue proposes using the same technique to isolate the Web IDE's VSCode Workbench and ensure the full isolation of VSCode from the GitLab rails application.

We are isolating gitlab.com using the same technique in %18.0.: Use .cdn.web-ide.gitlab-static.net to load Web ... (#520263 - closed).

How

The Web IDE will confirm that the GitLab instance can connect to .cdn.web-ide.gitlab-static.net by sending an HTTP OPTION request to this server.
If the server response is successful, the Web IDE will generate a unique subdomain for each combination of GitLab's self-managed instance + user. Two GitLab instances can't be access via the same domain name therefore the Web IDE's Workbench subdomain will be based on the GitLab instance's domain.
The Web IDE will use the subdomain generated on step 2 to load the VSCode workbench on the GitLab instance.

Acceptance criteria

The Web IDE loads the VSCode workbench assets from .cdn.web-ide.gitlab-static.net only if the GitLab instance can connect to this server.
The Web IDE's VSCode workbench subdomain is unique for the GitLab instance's domain and the current user.
Add a callout to the Extension Marketplace admin settings that explain the Extension Marketplace is not available when .cdn.web-ide.gitlab-static.net is not reachable.
Document in the Web IDE's administrator docs that the Extension Marketplace is not available when when .cdn.web-ide.gitlab-static.net is not reachable.

Edited Jun 23, 2025 by 🤖 GitLab Bot 🤖