Isolate Web IDE on separate origin

Enrique Alcántararequested to merge
520263/ealcantara/use-gitlab-web-ide-multi-domain-in-gitlab-dom into master

Issue: Use .cdn.web-ide.gitlab-static.net to load Web ... (#520263 - closed)

What does this MR do and why?

Feature flag rollout issue: [Feature flag] Rollout of `web_ide_multi_domain` (#526529 - closed)

This merge request changes the origin used to load the Web IDE's VSCode workbench on gitlab.com. This change is behind a feature flag. After this change, the Web IDE's VSCode workbench will be loaded from the following URL https://workbench-${workbenchDomain}.cdn.web-ide.gitlab-static.net/gitlab-web-ide-vscode-workbench-${workbenchVersion} where:

  • workbenchDomain is a base64-encoded string generated based on the GitLab instance's origin and the current username.
  • workbenchVersion is the @gitlab/web-ide npm package's version.

What is the Web IDE's VSCode workbench?

The Web IDE's VSCode workbench is the core VSCode component that provides basic editing capabilities, the editor UI, and orchestrates 3rd-party extensions.

Why

The goal of this change is fully isolating the Web IDE from the GitLab Rails application. The Web IDE's VSCode workbench is embedded in the GitLab Rails application using an iframe. Both the GitLab Rails application and the Web IDE's VSCode workbench are hosted in the same domain therefore they share the same origin. By moving the Web IDE's VSCode workbench to a separate domain, we take advantage of the Web Browser's same-origin policy to ensure that the Web IDE can only communicate with the GitLab Rails application via message channel API.

image.png

After this change, the Web IDE's iframe won't have access to the GitLab Rails:

  • window object.
  • localStorage
  • document or location objects.

This ensures that the Web IDE and 3rd-party extensions are completely isolated and can't access sensible user data.

References

Screenshots or screen recordings

This merge request doesn't introduce user facing changes. The following video demonstrates how to verify that the Web IDE is, in fact, served from on a separate origin.

web_ide_sandboxed.mov

How to set up and validate locally

  1. In <gdk-dir>/env.runit, add this expression to simulate gitlab.com export GITLAB_SIMULATE_SAAS=1 .
  2. Run gdk reconfigure && gdk restart.
  3. Enable the web_ide_multi_domain feature flag in your local environment.
  4. Open the Web IDE on any project or file.
  5. The Web IDE should continue working as usual.
  6. If you inspect the Web IDE's page, the iframe used to embed the Web IDE uses a URL based on .cdn.web-ide.gitlab-static.net.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Enrique Alcántara

Merge request reports