microsoft / vscode

Visual Studio Code
https://code.visualstudio.com
MIT License
163.61k stars, 29.04k forks

Images from external sources blocked in preview #200542

Closed ghost closed 10 months ago

ghost commented 10 months ago

Type: Bug

When using Live Preview OR internal preview, since today, images referenced from external sources (e.g. my company's websites) are not shown anymore due to a cross origin error: "Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep"

This still worked fine 3 days ago.

What can I do to show these images? Many thanks in advance!

VS Code version: Code 1.85.0 (af28b32d7e553898b2a91af498b1fb666fdebe0c, 2023-12-06T20:48:09.019Z)
OS version: Windows_NT x64 10.0.19045
Modes:

System Info

|Item|Value|
|---|---|
|CPUs|11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz (8 x 2419)|
|GPU Status|2d_canvas: enabled<br>canvas_oop_rasterization: enabled_on<br>direct_rendering_display_compositor: disabled_off_ok<br>gpu_compositing: enabled<br>multiple_raster_threads: enabled_on<br>opengl: enabled_on<br>rasterization: enabled<br>raw_draw: disabled_off_ok<br>video_decode: enabled<br>video_encode: enabled<br>vulkan: disabled_off<br>webgl: enabled<br>webgl2: enabled<br>webgpu: enabled|
|Load (avg)|undefined|
|Memory (System)|15.79GB (2.11GB free)|
|Process Argv||
|Screen Reader|no|
|VM|0%|

Extensions (11)

|Extension|Author (truncated)|Version|
|---|---|---|
|better-comments|aar|3.0.2|
|Bookmarks|ale|13.4.2|
|project-manager|ale|12.7.0|
|webvalidator|Cel|1.3.1|
|sync-scroll|dqi|1.3.1|
|vscode-html-css|ecm|1.13.1|
|hungry-delete|jas|1.7.0|
|live-server|ms-|0.4.12|
|vscode-css-navigation|puc|1.14.0|
|smart-css-autocomplete|sai|1.5.3|
|html-to-css-autocompletion|sol|1.1.2|

jrieken commented 10 months ago

We have enabled cross origin isolation for vscode.dev which enables powerful APIs (like shared memory) but it also comes with stricter requirements. When loading external resources into such a context the CORP header must be presented. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy.

You can temporarily disable this by appending ?vscode-coi=off to the url.
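
The reason suffix in the reported error (`NotSameOriginAfterDefaultedToSameOriginByCoep`) follows from the CORP check that a cross-origin-isolated page applies to no-cors subresources such as `<img>`. The sketch below is an added example, not part of the original thread and not VS Code's or a browser's code; the function names, the `example.com` origins and the two-label site approximation are assumptions made for illustration.

```javascript
// Added example: the Cross-Origin-Resource-Policy check from the Fetch
// standard, for a no-cors subresource such as <img>. Header keys are
// expected in lower case. COEP "credentialless" is not modelled.
const CORP_VALUES = new Set(["same-origin", "same-site", "cross-origin"]);

// Simplification (assumption): the last two host labels stand in for the
// registrable domain; browsers consult the Public Suffix List instead.
const siteOf = (url) => url.hostname.split(".").slice(-2).join(".");

function corpCheck(embedderOrigin, coep, resourceUrl, headers) {
  const page = new URL(embedderOrigin);
  const res = new URL(resourceUrl);
  const raw = (headers["cross-origin-resource-policy"] || "").trim();
  let policy = CORP_VALUES.has(raw) ? raw : null;
  let defaulted = false;

  // With COEP: require-corp, a missing or invalid CORP header is treated
  // as "same-origin".
  if (policy === null && coep === "require-corp") {
    policy = "same-origin";
    defaulted = true;
  }
  if (policy === null || policy === "cross-origin") return { allowed: true };

  if (policy === "same-origin") {
    if (page.origin === res.origin) return { allowed: true };
    // The first reason is the suffix of the error quoted in the issue;
    // the other reason strings are labels made up for this example.
    return { allowed: false, reason: defaulted
      ? "NotSameOriginAfterDefaultedToSameOriginByCoep"
      : "explicit same-origin policy" };
  }
  // policy === "same-site": same site, and no https resource on an http page.
  const ok = siteOf(page) === siteOf(res) &&
    (page.protocol === "https:" || res.protocol !== "https:");
  return ok ? { allowed: true }
            : { allowed: false, reason: "explicit same-site policy" };
}

// Constructed sample: an isolated page embedding an image from another origin.
const img = "https://images.example.com/logo.png";
console.log(corpCheck("https://app.example.com", "require-corp", img, {}));
console.log(corpCheck("https://app.example.com", "require-corp", img,
  { "cross-origin-resource-policy": "cross-origin" }));
```

A `Cross-Origin-Resource-Policy: cross-origin` response header lets any site embed the resource, so it belongs only on assets that are meant to be public.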

ghost commented 10 months ago

Hi Johannes,

Thank you for your reply.

Strangely, I just wanted to try the string you sent me on the URL, but now all external images again load correctly without any modification on my part. I tried a lot of times yesterday, to no avail, but it’s fine now. Seems it was a glitch in VS Code solved by restarting my PC. 🤦🏽‍♂️

Anyway, I’ll keep the info you sent me, as it’s very useful.

Kind regards, Ingo

jrieken commented 10 months ago

I believe @andreamah made a follow-up change for live preview specifically, but mid to long term CORP will be a requirement.

andreamah commented 10 months ago

I pushed a quick fix yesterday for this. There was a bug with the changes I made for CORP support.

/duplicate https://github.com/microsoft/vscode-livepreview/issues/577

vscodenpa commented 10 months ago

Thanks for creating this issue! We figured it's covering the same as another one we already have. Thus, we closed this one as a duplicate. You can search for similar existing issues. See also our issue reporting guidelines.

Happy Coding!