Open all web links in Integrated Browser #1713
Conversation
|
@isc-bsaviano what do you see as the benefit of removing the CSPCHD mechanism? |
|
I'd rather let the browser handle it because the cookies will be shared amongst similar pages with no regard for how they were opened (this extension, server manager, or manual entry). Even though the links will be opened in a VS Code tab, I don't think users see these linked pages as "part of" VS Code and be upset at having to log in. They'd likely have to do it anyways even if we used the external browser. @isc-rsingh any thoughts? |
|
In my testing, if an Integrated Browser tab first connects to an IRIS server with a URL that contains a CSPCHD queryparam (as still happens with my Server Manager PR intersystems-community/intersystems-servermanager#310), then subsequent Integrated Browser tabs using a URL to the same server but without a CSPCHD will still benefit from a session cookie, so won't prompt for credentials for this server in any VS Code window until all VS Code windows are closed (because the default data storage of Integrated Browser is Global, i.e. |
|
Thanks for the comment John. I can put the CSPCHD mechanism back in, but it doesn't work for me. It's probably due to the default setting of "Always" for "Use Cookie for Session". |
|
@gjsjohnmurray @isc-rsingh I asked a principal dev on security team about CSPCHD. Here's what they said:
Given this information, I don't support adding back CSPCHD. It's not a huge burden for users to enter credentials in the login page and we have a good reason for making them do so. |
gjsjohnmurray
left a comment
gjsjohnmurray
left a comment
There was a problem hiding this comment.
I approve the changes, including dropping CSPCHD support.
4 participants
This PR adopts the new VS Code Integrated browser for all links that would previously be opened in an external browser. It does not log the user in using the CSPCHD query parameter for IRIS links since the Integrated Browser can store cookies.
integrated.browser.mov