Web IDE extension host domain application setting

Issue: [WebIDE] Allow GitLab self-managed admins to pr... (#560310 - closed)

What does this MR do and why?

It implements an application setting that allows GitLab Self-Managed instance administrators to provide a custom Web IDE extension host domain. The extension host domain is a wildcard domain name that the Web IDE uses to isolate VSCode from the GitLab rails application using the web browser's same origin policy. Making the extension host domain configurable allows GitLab administrators to bring their own VSCode assets host.

Implementation details

• This MR relies on the existing vscode_extension_marketplace jsonb_accesor column to avoid introducing database migrations for this application setting.
• The Web IDE route's Content Security Policy headers are generated based on the application setting.

Bigger picture

• This change is part of the project to provide better support for air-gapped environments in the Web IDE. You can see more details about this project in [WebIDE] Support Web IDE on GitLab Self-Managed... (&15146).
• The next step in this project is described in the issue [WebIDE] Use GitLab instance as the Web IDE's e... (#576648)

Update application settings SQL Query

UPDATE
 "application_settings"
SET
 "updated_at" = '2025-10-16 07:53:31.024046',
 "vscode_extension_marketplace" = '{"preset":"open_vsx","enabled":true,"extension_host_domain":"cdn.web-ide.gitlab-static.net"}'
WHERE
 "application_settings"."id" = 1

Query plan

 ModifyTable on public.application_settings (cost=0.12..3.14 rows=0 width=0) (actual time=17.769..17.770 rows=0 loops=1)
 Buffers: shared hit=153 read=25 dirtied=5
 WAL: records=8 fpi=4 bytes=26214
 I/O Timings: read=14.292 write=0.000
 -> Index Scan using application_settings_pkey on public.application_settings (cost=0.12..3.14 rows=1 width=46) (actual time=2.547..2.551 rows=1 loops=1)
 Index Cond: (application_settings.id = 1)
 Buffers: shared read=2 dirtied=1
 WAL: records=1 fpi=1 bytes=3821
 I/O Timings: read=1.266 write=0.000
Settings: effective_cache_size = '472585MB', jit = 'off', random_page_cost = '1.5', seq_page_cost = '4', work_mem = '100MB'

References

Screenshots or screen recordings

The following video demonstrates the UI to update the Web IDE extension host domain:

web_ide_static_host_demo.mov

How to set up and validate locally

1. Visit the URL: https://gdk.test:3443/admin/application_settings/general#js-web-ide-settings.
2. Enter a valid domain name in the Extension host domain field. There is proper validation for invalid domain names.
3. Click "Save changes".
4. Open a project in the Web IDE. Since the domain you entered will likely not point to a valid VSCode assets host, the Web IDE will fallback to "single origin mode" and will load the VSCode assets from the GitLab instance itself.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.