Description
Right now we serve all webviews from the same origin which:
- is not most secure, webviews from different extensions should not share data between each other
- not functionally correct - each webivew expect to have own browser storage partition
- requires tweak in VS Code Web to make it work reliably
Before we tried to serve webview from own origin by producing subdomains like {webview-uuid}-webview-{workspace-id}, but such attempts were unsuccessful since DNS label is limited to 67 chars.
Instead we can try to produce URLs like webview-{webview-uuid}.eu-09.gitpod.io/{workspace-id}. It will give each webview an unique origin and allow ws-proxy to redirect requests to a proper workspace to load common webview bootstrap code.
After it is done we should revert in VS Code Web: https://github.com/gitpod-io/vscode/blob/eae95e2b37ad034edbe411d783b2980f20ed0688/src/vs/workbench/contrib/webview/browser/pre/main.js#L26-L28
Important: we cannot deprecate old webview route till Theia is removed and all workspaces using VS Code relying on it are stopped.