* webide: analytics
Because we don't control the html content of the actual web ide, we
won't integrate with the more common front end js for google analytics.
Instead we use server side communications.
* webide: add page to events
* safari has stricter intepretations of the policy. This adds explicit
web socket connect-src field
* bugfix for multiple requests for webpage in a very small amount of
time. This would previously start up multiple containers
The web ide does not support all browsers, most notably, does not work
in IE. However, we have a tiny js script with terms and conditions which
might as well be IE compatible.
Also, due to security vulnerabilities with older alpine distributions
- we are making sure to download the latest and patched version of
alpine
* fail bash terminal by setting config to run bogus command
* one last fix for hiding terminal
Initially attempted to use external terminal with echo command but this
still opened an integrated terminal. Changing the terminal command from
/bin/bash to echo "No Terminal Available" crashes the integrated
terminal, which of course is better than having a working terminal!
* web ide: security headers
includes security headers for content policy and other security related
features.
includes style fixes to hide terminal, debugger, and navigation widget.
* webide: update to latest sdk
* web ide: re-enable open widget, enable telemetry
* even though we know arbitrary commands can be run from the open
widget, it is too useful to disable
* raised issue where opting out of telementry causes critical errors in
the plugin. For now, we are enabling the telemetry by default (even
though it actually doesn't log anything because our network security
does not allow that traffic to go out)
Previously we tried to run "da docs" which makes no sense for the new
assistant and for the old assistant it just outputs a message to go to
the website.
* webide: add vscode settings to disable telementry
* webide: remove keybindings
* Adding settings.json to webide server image, in order to disable
telemetry popup.
* clean webide 400 and 500 error messages (which reveal too much about
software)
* disable daml guidelines link until it can be fixed
* more hiding of content from front end
The webide proxy did not properly handle critical errors when sockets
were interrupted. This fix catches all errors and resets session state
and proxy appropriately.
Removed more functionality from Preferences menu
* webide: remove trademark images and phrases
criminal css hijacking of the monaco web editor, including, but probably
not limited to
* svg image replacement for logo
* welcome screen styling and content
also implemented http to https redirect in accordance with our infrastructure.
* webide: improve css hijacking and style the editor
automatically append da specific css to the css delivered by code-server
ide. We are
* replacing icons
* replacing favicon
* hiding menu items
* hiding action items (left panel)
* replacing text in the welcome script
This pr addresses security concerns regarding the web ide docker container.
The bulk of the changes involve managing and coordinating docker
networks so that the proxy runs on internal docker network as well as
external one, while the web ide containers run only on the internal
network.