Open all web links in Integrated Browser#1713
Open all web links in Integrated Browser#1713isc-bsaviano merged 1 commit intointersystems-community:masterfrom
Conversation
|
@isc-bsaviano what do you see as the benefit of removing the CSPCHD mechanism? |
|
I'd rather let the browser handle it because the cookies will be shared amongst similar pages with no regard for how they were opened (this extension, server manager, or manual entry). Even though the links will be opened in a VS Code tab, I don't think users see these linked pages as "part of" VS Code and be upset at having to log in. They'd likely have to do it anyways even if we used the external browser. @isc-rsingh any thoughts? |
|
In my testing, if an Integrated Browser tab first connects to an IRIS server with a URL that contains a CSPCHD queryparam (as still happens with my Server Manager PR intersystems-community/intersystems-servermanager#310), then subsequent Integrated Browser tabs using a URL to the same server but without a CSPCHD will still benefit from a session cookie, so won't prompt for credentials for this server in any VS Code window until all VS Code windows are closed (because the default data storage of Integrated Browser is Global, i.e. |
|
Thanks for the comment John. I can put the CSPCHD mechanism back in, but it doesn't work for me. It's probably due to the default setting of "Always" for "Use Cookie for Session". |
|
@gjsjohnmurray @isc-rsingh I asked a principal dev on security team about CSPCHD. Here's what they said:
Given this information, I don't support adding back CSPCHD. It's not a huge burden for users to enter credentials in the login page and we have a good reason for making them do so. |
gjsjohnmurray
left a comment
gjsjohnmurray
left a comment
There was a problem hiding this comment.
I approve the changes, including dropping CSPCHD support.
…am (#94) * Prevent users from accidentally opening multiple copies of the same class or routine (intersystems-community#1666) * Fix opening server-side generated INT routines (intersystems-community#1668) * Fix running unit tests from a root test item (intersystems-community#1669) * Bump js-yaml from 4.1.0 to 4.1.1 (intersystems-community#1670) Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump glob from 11.0.1 to 11.1.0 (intersystems-community#1673) Bumps [glob](https://github.com/isaacs/node-glob) from 11.0.1 to 11.1.0. - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v11.0.1...v11.1.0) --- updated-dependencies: - dependency-name: glob dependency-version: 11.1.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix automatic refresh of server-side documents after save and compile (intersystems-community#1678) * Fix `Show Plan` for IRIS 2026.1+ (intersystems-community#1679) * Insert file stub snippet when creating a new class or routine using client-side editing (intersystems-community#1681) * chore: `npm audit fix` (intersystems-community#1682) * Trigger server-side source control `OpenedDocument` UserAction after a project is modified (intersystems-community#1685) * Remove barely used configuration settings (intersystems-community#1683) * Prepare 3.4.0 release (intersystems-community#1692) * auto bump version with release * Add `Func` suffix to `Copy Invocation` result for Queries (intersystems-community#1695) * Fix extension activation when clicking on InterSystems view container in an empty workspace folder (intersystems-community#1694) * Update contributing guidelines (intersystems-community#1700) * Remove UI component dependency from REST debugging Webview (intersystems-community#1702) * Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 (intersystems-community#1708) Bumps @isaacs/brace-expansion from 5.0.0 to 5.0.1. --- updated-dependencies: - dependency-name: "@isaacs/brace-expansion" dependency-version: 5.0.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Integrate new BPL Editor (intersystems-community#1699) * Adopt new VS Code APIs to improve QuickPicks (intersystems-community#1709) * Support deleting folders (intersystems-community#1705) Fix intersystems-community#1638 and improve maintainability --------- Co-authored-by: klu <kc.lu@intersystems.com> * Fix mapping of client-side DFI file to its document name (intersystems-community#1711) * Move command to export Project contents to Command Palette (intersystems-community#1707) * Bump webpack from 5.98.0 to 5.105.0 (intersystems-community#1712) Bumps [webpack](https://github.com/webpack/webpack) from 5.98.0 to 5.105.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.98.0...v5.105.0) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.105.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Remove barely used commands (intersystems-community#1710) * Bump axios from 1.13.2 to 1.13.5 (intersystems-community#1714) Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.13.5. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.2...v1.13.5) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Open all web links in Integrated Browser (intersystems-community#1713) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Brett Saviano <bsaviano@intersystems.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: John Murray <johnm@georgejames.com> Co-authored-by: ProjectBot <bot@users.noreply.github.com> Co-authored-by: Kuang-Chen (KC) Lu <klu@intersystems.com> Co-authored-by: klu <kc.lu@intersystems.com>
4 participants
This PR adopts the new VS Code Integrated browser for all links that would previously be opened in an external browser. It does not log the user in using the CSPCHD query parameter for IRIS links since the Integrated Browser can store cookies.
integrated.browser.mov