Use deny list for non-linkable endpoint URLs in extension #15894
Open
adamint wants to merge 1 commit into microsoft:main from
Replace the HTTP/HTTPS allow list with a deny list matching the dashboard's KnownUnsupportedUrlSchemes. This allows custom schemes like vscode:// to remain clickable while blocking known-unsupported schemes (tcp, redis, telnet, etc.). Fixes microsoft#15472
Contributor
🚀 Dogfood this PR with:

```bash
curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 15894
```

Or

```powershell
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 15894"
```
Contributor
Pull request overview
This PR updates the VS Code extension’s logic for determining whether endpoint URLs should be clickable by switching from an HTTP(S) allow-list to a scheme deny-list aligned with the dashboard’s KnownUnsupportedUrlSchemes.
Changes:
- Added `isLinkableUrl()` helper with a deny list of unsupported URL schemes.
- Updated the tree view endpoint items and resource tooltip generation to use `isLinkableUrl()` instead of HTTP-only checks.
- Added unit tests covering linkable vs non-linkable schemes.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| extension/src/views/AspireAppHostTreeProvider.ts | Uses isLinkableUrl() to decide endpoint clickability and which URLs appear in tooltips. |
| extension/src/utils/urlSchemes.ts | Introduces the deny-list-based isLinkableUrl() helper. |
| extension/src/test/urlSchemes.test.ts | Adds unit tests validating isLinkableUrl() behavior across schemes. |
Comments suppressed due to low confidence (1)
extension/src/views/AspireAppHostTreeProvider.ts:109
`EndpointUrlItem` now assigns `contextValue = 'endpointUrl'` for any scheme that passes `isLinkableUrl()`, not just HTTP(S). This will also enable the existing context-menu actions (notably `openInSimpleBrowser` / "Open in VS Code") for custom schemes like `vscode://` or `ftp://`, which may not be intended or supported by the simple browser. Consider splitting the context value (e.g., `endpointUrlHttp` vs `endpointUrlLinkable`) so that only HTTP(S) endpoints offer the simple-browser action while other linkable schemes only offer external open/copy.
const uri = vscode.Uri.parse(url);
if (isLinkableUrl(url)) {
this.iconPath = new vscode.ThemeIcon('link-external');
this.contextValue = 'endpointUrl';
this.command = {
command: 'vscode.open',
title: url,
arguments: [uri]
};
} else {
this.iconPath = new vscode.ThemeIcon('radio-tower');
this.contextValue = 'endpointUrlNonHttp';
}
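Review bot: In the `isLinkableUrl(url)` branch, every scheme outside the deny list is handed to `vscode.open` through `arguments: [uri]`, so a scheme that acts on the local machine rather than the network (for example `file:`) gets the same one-click treatment as `https:`. Because the URL is whatever the displayed resource reports as its endpoint, consider keeping the direct `vscode.open` command for HTTP(S) only and routing other linkable schemes through an explicit external-open action or a confirmation. Separately, `vscode.Uri.parse(url)` runs before the check although `uri` is only used inside the linkable branch; moving it into the `if` avoids parsing URLs that will never be opened.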
JamesNK
approved these changes
Apr 4, 2026
| * This is a deny list because custom schemes could hand off the link to an app | ||
| * registered with the OS. For example, vscode://. | ||
| * | ||
| * Mirrors the dashboard's KnownUnsupportedUrlSchemes (src/Shared/KnownUnsupportedUrlSchemes.cs). |
Member
Also add a comment to KnownUnsupportedUrlSchemes that values are mirrored here. That way someone (aka AI) knows to update both places.
Description
Replace the HTTP/HTTPS allow list with a deny list matching the dashboard's `KnownUnsupportedUrlSchemes` for determining which endpoint URLs are clickable in the VS Code extension tree view and tooltips.

The previous fix (#15514) only made `http://` and `https://` URLs clickable, but as @JamesNK pointed out, custom schemes like `vscode://` should also be clickable since they can hand off to apps registered with the OS. The dashboard uses a deny list approach for this reason.

Changes:
- `extension/src/utils/urlSchemes.ts` with a deny list of 9 unsupported schemes (gopher, ws, wss, news, nntp, telnet, tcp, redis, rediss) mirroring `src/Shared/KnownUnsupportedUrlSchemes.cs`
- `EndpointUrlItem` constructor to use `isLinkableUrl()` instead of HTTP-only check
- `buildResourceTooltip` to use `isLinkableUrl()` instead of `startsWith('http')` check
- `isLinkableUrl` helper

Fixes #15472
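The deny-list check described in this PR, combined with the context-value split suggested in the suppressed review comment, as an added example that is not the extension's own code. The nine schemes come from the PR description; `getScheme`, `classifyEndpointUrl`, the requirement for `://`, and the sample URLs in the usage are assumptions of this sketch.

```typescript
// Added illustration; not the contents of extension/src/utils/urlSchemes.ts.
// Scheme list copied from the PR description.
const UNSUPPORTED_SCHEMES: ReadonlySet<string> = new Set([
    'gopher', 'ws', 'wss', 'news', 'nntp', 'telnet', 'tcp', 'redis', 'rediss',
]);

// RFC 3986 scheme syntax. Requiring "://" is a choice made for this sketch so
// that a bare "host:port" string is not mistaken for a URL with scheme "host".
const SCHEME_RE = /^([a-z][a-z0-9+.-]*):\/\//i;

// Context values: the first two are the names proposed in the review comment,
// the third is the existing value for non-clickable endpoints.
type EndpointContext = 'endpointUrlHttp' | 'endpointUrlLinkable' | 'endpointUrlNonHttp';

// Returns the lower-cased scheme, or undefined when the string has none.
function getScheme(url: string): string | undefined {
    const match = SCHEME_RE.exec(url.trim());
    return match ? match[1].toLowerCase() : undefined;
}

// Deny list: anything with a scheme is linkable unless the scheme is listed.
function isLinkableUrl(url: string): boolean {
    const scheme = getScheme(url);
    return scheme !== undefined && !UNSUPPORTED_SCHEMES.has(scheme);
}

// Separates HTTP(S), which an embedded browser can render, from other
// linkable schemes that should only be handed off to the OS.
function classifyEndpointUrl(url: string): EndpointContext {
    if (!isLinkableUrl(url)) {
        return 'endpointUrlNonHttp';
    }
    const scheme = getScheme(url);
    return scheme === 'http' || scheme === 'https' ? 'endpointUrlHttp' : 'endpointUrlLinkable';
}

// Constructed sample endpoints showing each outcome.
const samples = ['https://localhost:5001', 'vscode://file/app', 'REDIS://cache:6379', 'localhost:6379'];
for (const s of samples) {
    console.log(s, '->', classifyEndpointUrl(s));
}
```

Matching on the lower-cased scheme keeps `REDIS://` from slipping past a list written in lower case.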