orcs-oss/orcs-code
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use cryptographic nonce for extension webview CSP

Browse Source 
Agent-Logs-Url: https://github.com/devNull-bootloader/openclaude/sessions/30a4694d-1125-4280-a593-74b5e3da601e

Co-authored-by: devNull-bootloader <189463177+devNull-bootloader@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-04-02 15:08:22 +00:00
committed by GitHub
parent 8e8671fc51
commit ff124dcdfb
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
vscode-extension/openclaude-vscode/src/extension.js
View File

@@ -1,4 +1,5 @@
const vscode = require('vscode'); const vscode = require('vscode');
const crypto = require('crypto');
function launchOpenClaude() { function launchOpenClaude() {
const configured = vscode.workspace.getConfiguration('openclaude'); const configured = vscode.workspace.getConfiguration('openclaude');
@@ -39,7 +40,7 @@ class OpenClaudeControlCenterProvider {
} }
getHtml(webview) { getHtml(webview) {
const nonce = String(Date.now()); const nonce = crypto.randomBytes(16).toString('base64');
return `<!DOCTYPE html> return `<!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>