This command needs to be run as each user / on each home folder, and only works for the Desktop installations of Code/Code - Insider/etc.
\nWarning
This will wipe any previously Developer-added domains each time the command is run. Only run it once on initial-setup.
\n\n
Coder / code-server
\nHowever, this does not work for code-server inside coder/coder, as this state SQLite file cannot be found at the same location.
\nUser storage is inside ~/.local/share/code-server/User/, but the globalStorage folder does not have anything like a state.vscdb file.
\nAfter extensive digging I found that this SQLite table is actually stored inside the browser IndexedDB storage. 🫨
There is a patch to add --link-protection-trusted-domains as a CLI arg, and linkProtectionTrustedDomains as a product.json value. Unfortunately the coder/code-server TF module does not support adding additional arbitrary arguments to the launch of code-server.
\nhttps://github.com/coder/registry/blob/main/registry/coder/modules/code-server/run.sh#L19
I spent a lot of time trying to get this patched in but struggled to see the commandline argument have an effect. However, I think this is due to \"example.com,example.net\" being treated as one value instead of a string-array corrupting things. After a lot of cleanup I made the following PR to upstream this feature:
\n\n\n
Finally, also sharing this shorter-term but immediately-working solution:
\nresource \"coder_agent\" \"main\" {\n arch = data.coder_provisioner.me.arch\n os = \"linux\"\n dir = \"/home/coder/${local.folder_name}\"\n # Add any commands that should be executed at workspace startup (e.g install requirements, start a program, etc) here\n startup_script = <<-EOT\n #\n # CORE SETUP\n #\n\n # Update code-server trusted domains\n echo \"🔧 Updating code-server trusted domains...\"\n mkdir -p /tmp/code-server/lib\n while [ ! -f \"$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)\" ]; do :; done\n CODE_SERVER_PROFILE_JSON=\"$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)\"\n cat $CODE_SERVER_PROFILE_JSON | jq '.linkProtectionTrustedDomains = [\"https://open-vsx.org\",\"https://github.com\",\"https://git.corp.example.com\",\"https://foorack.com\",\"*.amazonaws.com\"]' > /tmp/product-modified.json\n mv /tmp/product-modified.json $CODE_SERVER_PROFILE_JSON\n\n #\n # REST OF YOUR startup_script, LIKE SKEL HOME, INSTALLING TOOLS, ETC.\n #\n[...]Caution
REMEMBER TO KEEP https://open-vsx.org as one of the values, as this actually OVERRIDES the builtin value.
Tip
Please add the \"product.json-override\" logic at the very top of the startup_script, as it is important we can listen and immediately change this config before code-server starts up.
Despite the minor race-requirement, I think this solution is elegant in that it doesn't override the users own value. Unlike the Desktop approach, this actually allows the developer to add additional domains, while allowing the core configuration to be enforced at any time.
","upvoteCount":1,"url":"https://github.com/coder/coder/discussions/19995#discussioncomment-14530265"}}}Add domain to Trusted Domain by default #19995
-
|
Not sure if this is a There is a command |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
|
I have already tried setting There is "workbench.trustedDomains.promptInTrustedWorkspace": falsebut it also has no impact, as I suspect the current workspace is not Trusted. Even when re-enabling workspace.trust.enabled to True, and making sure my current folder is trusted - |
Beta Was this translation helpful? Give feedback.
-
|
Related microsoft/vscode#82794 |
Beta Was this translation helpful? Give feedback.
-
|
(This took half of my Saturday, hopefully someone finds this useful.) VS Code DesktopI have discovered environments using a Client configuration management tools can use: sqlite3 ~/.config/Code/User/globalStorage/state.vscdb "UPDATE ItemTable SET value = '[\"https://github.com\", \"https://git.corp.example.com\", \"https://foorack.com\"]' WHERE key = 'http.linkProtectionTrustedDomains';"This command needs to be run as each user / on each home folder, and only works for the Desktop installations of Code/Code - Insider/etc. Warning This will wipe any previously Developer-added domains each time the command is run. Only run it once on initial-setup. Coder / code-serverHowever, this does not work for There is a patch to add I spent a lot of time trying to get this patched in but struggled to see the commandline argument have an effect. However, I think this is due to "example.com,example.net" being treated as one value instead of a string-array corrupting things. After a lot of cleanup I made the following PR to upstream this feature: Finally, also sharing this shorter-term but immediately-working solution: resource "coder_agent" "main" {
arch = data.coder_provisioner.me.arch
os = "linux"
dir = "/home/coder/${local.folder_name}"
# Add any commands that should be executed at workspace startup (e.g install requirements, start a program, etc) here
startup_script = <<-EOT
#
# CORE SETUP
#
# Update code-server trusted domains
echo "🔧 Updating code-server trusted domains..."
mkdir -p /tmp/code-server/lib
while [ ! -f "$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)" ]; do :; done
CODE_SERVER_PROFILE_JSON="$(find /tmp/code-server/lib/ -type f -name 'product.json' | head -n1)"
cat $CODE_SERVER_PROFILE_JSON | jq '.linkProtectionTrustedDomains = ["https://open-vsx.org","https://github.com","https://git.corp.example.com","https://foorack.com","*.amazonaws.com"]' > /tmp/product-modified.json
mv /tmp/product-modified.json $CODE_SERVER_PROFILE_JSON
#
# REST OF YOUR startup_script, LIKE SKEL HOME, INSTALLING TOOLS, ETC.
#
[...]Caution REMEMBER TO KEEP Tip Please add the "product.json-override" logic at the very top of the Despite the minor race-requirement, I think this solution is elegant in that it doesn't override the users own value. Unlike the Desktop approach, this actually allows the developer to add additional domains, while allowing the core configuration to be enforced at any time. |
Beta Was this translation helpful? Give feedback.
(This took half of my Saturday, hopefully someone finds this useful.)
VS Code Desktop
I have discovered environments using a Client configuration management tools can use:
This command needs to be run as each user / on each home folder, and only works for the Desktop installations of Code/Code - Insider/etc.
Warning
This will wipe any previously Developer-added domains each time the command is run. Only run it once on initial-setup.
Coder / code-server
However, this does…