Avatar not displayed if GitLab is running over an HTTP connection

Summary

Avatar images are not displayed if GitLab is running over an HTTP connection.

Steps to reproduce

  • Self-hosted GitLab instance running over an HTTP connection.
  • Connect the VS Code extension.
  • In VS Code, open any issue.
  • Avatar images are not displayed.
  • Developer tools show this message:

[Embedded Page] Refused to load the image 'http:///uploads/-/system/user/avatar/2/avatar.png' because it violates the following Content Security Policy directive: "img-src vscode-webview-resource: https:".

What is the current bug behavior?

The avatar is not displayed; a broken image icon is displayed instead.

What is the expected correct behavior?

To see the avatar image with each comment in the issue, or to have a setting flag that allows removing the https check.

Relevant logs and/or screenshots

Possible fixes

In issue #138 (closed), Mr. @viktomas pointed out that the code in index.html needs to be changed in order to take the http connection into account.

We use handlebar-style templating in the index.html and we could possibly use the same for the content security:

- <meta http-equiv="Content-Security-Policy" content="img-src vscode-resource: https:; script-src 'nonce-{{nonce}}';">
+ <meta http-equiv="Content-Security-Policy" content="{{httpsImagesContentSecurity}}script-src 'nonce-{{nonce}}';">
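
Review bot: On the `+` line, `{{httpsImagesContentSecurity}}` expands to an empty string for an http instance, which leaves a policy with only `script-src` and no `img-src` or `default-src`, so the webview would then load images from any origin over any scheme, not just from the instance. Consider keeping `img-src vscode-resource: https:` unconditionally and appending only the instance's own origin when it is http. Separately, the console message quoted in the steps to reproduce names the scheme `vscode-webview-resource:` while this line uses `vscode-resource:`; it is worth confirming which one the current template needs.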

and then

const httpsImagesContentSecurity = isInstanceUrlHttps ? 'img-src vscode-resource: https:; ' : '';
Edited by Tomas Vik (OOO back on 2026-01-05)
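
An added example, not code from the extension or from the issue: one way to compute the policy string so that an http instance adds only its own origin to `img-src` instead of removing the directive. The function name, the `BASE_IMG_SOURCES` constant and the `gitlab.example.test` host are hypothetical; the base sources mirror the meta tag in the diff above.

```javascript
// Hypothetical helper (added example, not the extension's code).
// Base image sources copied from the meta tag shown in the issue.
const BASE_IMG_SOURCES = ['vscode-resource:', 'https:'];

// Builds the CSP meta content for the issue webview.
// instanceUrl: the configured GitLab instance URL (assumed to be user-supplied).
// nonce: the per-render script nonce that fills {{nonce}} in the template.
function buildWebviewCsp(instanceUrl, nonce) {
  // The nonce lands inside quotes in the policy; allow base64-style characters only.
  if (!/^[A-Za-z0-9+/=_-]+$/.test(nonce)) {
    throw new Error('nonce contains unexpected characters');
  }

  const url = new URL(instanceUrl); // throws TypeError on malformed input

  // URL parsing tolerates some characters in hosts (';' and quotes among them)
  // that would end the directive or the HTML attribute, so restrict the host
  // to plain DNS names, IPv4 literals and bracketed IPv6 literals.
  if (!/^(\[[0-9a-f:.]+\]|[a-z0-9.-]+)$/.test(url.hostname)) {
    throw new Error('instance host contains unexpected characters');
  }

  const imgSources = [...BASE_IMG_SOURCES];
  if (url.protocol === 'http:') {
    // origin is scheme + host + port: no path, query or credentials.
    // Only this one http origin is allowed, not the whole http: scheme.
    imgSources.push(url.origin);
  } else if (url.protocol !== 'https:') {
    throw new Error(`unsupported instance scheme: ${url.protocol}`);
  }

  return `img-src ${imgSources.join(' ')}; script-src 'nonce-${nonce}';`;
}

// Constructed sample inputs.
console.log(buildWebviewCsp('http://gitlab.example.test:8080/group/project', 'abc123'));
console.log(buildWebviewCsp('https://gitlab.example.test/', 'abc123'));
```

Avatars served from the http instance then load, while images from every other http origin are still refused.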