apply csp to webview

[pelikhan]

---

High Level Summary of Changes:

• Webview Improvements: The webview display has been enhanced to lock down the Content Security Policy (CSP), ensuring that only authorized sources can load resources. This change aims for an additional layer of security.

• Refactor of Webview Creation and Management:

  • state.showWebview() is introduced, which centralizes the logic for creating and showing or revealing the webview panel.
  • The logic to find or create a webview panel has been removed from various command handlers, streamlining the process.

• Simplified CSP Policy: A more restrictive but safer CSP policy now applies to the webview, preventing unauthorized scripts and resources from loading.

Summary:

The core enhancement here is around improving security posture through refinement of content serving rules and better management of UI components within your application.

AI-generated content by pr-describe may be incorrect

[github-actions]

LGTM 🚀

The PR introduces significant improvements to web view handling by encapsulating the logic within ExtensionState rather than relying on global variables. This change makes the architecture more modular and easier to manage, which is a positive direction for maintaining and scaling the feature.

Specifically:

• The showWebview method centralizes the creation and management of the web view, avoiding state management across different parts of the codebase.
• By using an instance method on ExtensionState, rather than a singleton, it ensures that each extension instance can manage its own webviews, allowing for potential future parallel support (e.g., multiple workspaces).

Overall, this change enhances maintainability and scalability of the web view functionality. 🎉

AI-generated content by pr-review may be incorrect