Skip to content

Add settings for custom gallery extension URLs#14647

Open
jstruzik wants to merge 2 commits into
posit-dev:mainfrom
jstruzik:claude/flamboyant-tu-9a88a3
Open

Add settings for custom gallery extension URLs#14647
jstruzik wants to merge 2 commits into
posit-dev:mainfrom
jstruzik:claude/flamboyant-tu-9a88a3

Conversation

@jstruzik

@jstruzik jstruzik commented Jul 2, 2026

Copy link
Copy Markdown

This PR does two things:

  • Adds support for pointing the extension gallery at a custom Open VSX-compatible server (for example a self-hosted Posit Package Manager), which previously was only possible via the undiscoverable EXTENSIONS_GALLERY environment variable (see EXTENSIONS_GALLERY is ignored when trying to set a custom gallery URL #13415)
    • A new Custom option activates a new Custom Gallery Url setting. Both the built-in presets and the custom URL now derive their full gallery endpoints from a single base URL through one deriveGalleryConfig() helper, so the Open VSX URL scheme lives in one place and presets and custom URLs cannot drift.
  • The second part fixes a pre-existing cross-gallery fallback: the resource ("unpkg") API in extensionGalleryService used the product-default gallery as a hard-coded fallback, so a request that failed against a non-default gallery would silently leak to the default gallery.

Here are some screenshots of the configuration and a request going through:
image
image

Release Notes

New Features

  • Add support for configuring a custom Open VSX-compatible extension gallery, such as a self-hosted Posit Package Manager, via the Extension Gallery Source and Custom Gallery Url settings.

Bug Fixes

  • Stop a non-default extension gallery (custom or Open VSX) from silently falling back to the default gallery when a resource request fails.

Validation Steps

  1. Open Settings and search for "Extension Gallery Source"; set it to Custom
  2. Set Custom Gallery Url to a valid Open VSX-compatible base URL, e.g. https://open-vsx.org/vscode. Restart, open the Extensions view, and confirm extensions load from the configured gallery
  3. Restart-prompt timing: with Source = Custom, edit the URL before selecting Custom (or select Custom with an empty URL) and confirm no premature restart prompt; the prompt appears only once the change resolves to a different gallery.
  4. Enter an unreachable URL (e.g. https://nope.invalid/vscode) and confirm a single warning notification (no spam while typing); enter https://user:pass@host/vscode and confirm it is rejected with no credentials shown.
  5. No cross-gallery leak: with Source = Custom pointed at an unreachable/erroring host, confirm requests do not fall back to p3m.dev (check the Network tab / Dev Tools); the failure stays within the configured gallery.
  6. If EXTENSIONS_GALLERY is set to a valid value, confirm changing the settings shows the "environment variable is overriding" notification and does not restart.
  7. Switch back to Posit Public Package Manager and confirm extensions still load.

jstruzik added 2 commits June 30, 2026 15:01
Add a Custom option to the extension gallery source setting plus a
Custom Gallery Url setting. Presets and custom URLs derive their full
gallery endpoints from one deriveGalleryConfig() (single source of
truth); base URLs are canonicalized (credentials, query, and fragment
are rejected). An advisory probe validates the configured gallery on
startup and on change (debounced, warn-once, credential-safe). The
restart prompt fires only when the resolved gallery actually changes.
extensionGalleryService's resource (unpkg) API used the product default
gallery (product.json, i.e. p3m.dev) as a hard-coded fallback, so a
request that failed against a non-default gallery selected via
positron.extensions.gallerySource -- a custom or Open VSX gallery --
silently leaked to the default gallery. For example, a custom gallery
returning 5xx would fall back to p3m.dev and serve its extensions
instead. Only use the product fallback when it targets the same gallery
host as the resolved resource (sameGalleryHost).
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Thank you for this PR! We ask that you sign our Contributor License Agreement before we accept your contribution. You can sign the CLA by posting a comment on this PR saying:


I have read the CLA Document and I hereby sign the CLA


You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant