42Crunch / vscode-openapi

VisualStudio Code OpenAPI tools
GNU Affero General Public License v3.0

Relative URL not resolved correctly for openIdConnectUrl #231

Open saamc opened 1 year ago

saamc commented 1 year ago

Description

The relative URL for openIdConnectUrl is resolved against the webview, not against the server.

Environment

Extension Version: v4.18.2

VS Code Version: 1.79.2
Commit: 695af097c7bd098fbf017ce3ac85e09bbc5dda06
Date: 2023-06-14T08:59:55.818Z
Electron: 22.5.7
Chromium: 108.0.5359.215
Node.js: 16.17.1
V8: 10.8.168.25-electron.0
OS: Linux x64 5.15.0-73-generic snap

Expected behaviour

Preview authorization discovery queries given URL on given server and presents discovered authorization flows.

Actual behaviour

Authorize button opens modal dialog, but no authorization options are shown.

Suspected error

The Developer Tools console shows the following error:

main.js:formatted:34041 Refused to connect to 'vscode-webview://1tgqcfmoi217r87r2p5o6ljpmijn5pq81asctfq0f2d4ushsg7pu/auth/realms/myrealm/.well-known/openid-configuration#/' because it violates the document's Content Security Policy.

Obviously, the relative URL given in openIdConnectUrl is resolved against the preview window and not against the server from the servers specification. Supplying the full absolute URL works.

Unless specified otherwise, all properties that are URLs MAY be relative references as defined by RFC3986. Relative references are resolved using the URLs defined in the Server Object as a Base URI.

Minimal Example

openapi: '3.0.3'
info:
  title: Test
  version: 0.1alpha

servers:
- url: https://my.server.test

components:
  securitySchemes:
    openId:
      type: openIdConnect
      # according to spec, relative URLs are relative to server
      openIdConnectUrl: /auth/realms/myrealm/.well-known/openid-configuration#/

Steps to reproduce

ak1394 commented 1 year ago

Hi @saamc! For the Swagger UI Preview we rely on https://github.com/swagger-api/swagger-ui, which seems to support relative URLs in openIdConnectUrl per https://swagger.io/docs/specification/authentication/openid-connect-discovery/

I'll see if upgrading to the latest version of SwaggerUI would fix your issue, and will update the ticket with more info.
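
Added example, not part of the original thread and not code from the extension or Swagger UI: a hypothetical helper, `resolveDiscoveryUrls`, that applies the Server Object rule quoted in the issue and refuses a discovery URL that ends up on a non-HTTP origin such as the webview. The webview document URL is constructed, and server variables are assumed to be absent.

```javascript
// Constructed stand-in for the preview's own location (not a real webview id).
const WEBVIEW_DOC = 'vscode-webview://constructed-webview-id/index.html';

// Spec fragment mirroring the issue's minimal example.
const spec = {
  servers: [{ url: 'https://my.server.test' }],
  components: {
    securitySchemes: {
      openId: {
        type: 'openIdConnect',
        openIdConnectUrl: '/auth/realms/myrealm/.well-known/openid-configuration#/',
      },
    },
  },
};

// What the issue observed: the relative reference resolved against the document itself.
function resolveAgainstDocument(relativeUrl, documentUrl) {
  return new URL(relativeUrl, documentUrl).href;
}

// Hypothetical helper: resolve every openIdConnect scheme against the first server.
function resolveDiscoveryUrls(spec, documentUrl) {
  // OpenAPI defaults to a server URL of "/" when `servers` is absent, and a
  // server URL may itself be relative to where the document is served.
  const serverUrl = (spec.servers && spec.servers[0] && spec.servers[0].url) || '/';
  const base = new URL(serverUrl, documentUrl);
  const schemes = (spec.components && spec.components.securitySchemes) || {};
  const resolved = {};
  for (const [name, scheme] of Object.entries(schemes)) {
    if (scheme.type !== 'openIdConnect') continue;
    const url = new URL(scheme.openIdConnectUrl, base);
    url.hash = ''; // a fragment is never sent in the discovery request
    // Fail loudly instead of fetching from the preview's own origin.
    if (url.protocol !== 'https:' && url.protocol !== 'http:') {
      throw new Error(`${name}: discovery URL resolved to ${url.protocol} origin`);
    }
    resolved[name] = url.href;
  }
  return resolved;
}

console.log(resolveAgainstDocument(
  spec.components.securitySchemes.openId.openIdConnectUrl, WEBVIEW_DOC));
console.log(resolveDiscoveryUrls(spec, WEBVIEW_DOC));
```

With no `servers` entry the helper throws, because the default base "/" resolves back to the webview origin.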