@forge/csp 0.0.0-experimental-32f9210 → 0.0.0-experimental-7c72fec

package/CHANGELOG.md

@@ -1,6 +1,178 @@
 # @forge/csp
 
-## 0.0.0-experimental-32f9210
+## 1.9.0
+
+### Minor Changes
+
+- 1c196ff: Add support for external fetch client to reference remote
+
+### Patch Changes
+
+- 1dba082: Enabling new frame ancestors '_.atl-paas.net' and '_.atlassian.com'
+
+## 1.9.0-next.1
+
+### Minor Changes
+
+- 1c196ff: Add support for external fetch client to reference remote
+
+## 1.8.1-next.0
+
+### Patch Changes
+
+- 04e4152: Enabling new frame ancestors '_.atl-paas.net' and '_.atlassian.com'
+
+## 1.8.0
+
+### Minor Changes
+
+- d5f3fac: Remove deprecated method for handling CSP user config
+- f002362: Revert change for deprecated CSP
+
+## 1.8.0-next.1
+
+### Minor Changes
+
+- f002362: Revert change for deprecated CSP
+
+## 1.8.0-next.0
+
+### Minor Changes
+
+- d5f3fac: Remove deprecated method for handling CSP user config
+
+## 1.7.1
+
+### Patch Changes
+
+- 4b41a80: Added egress messaging to install prompts
+
+## 1.7.1-next.0
+
+### Patch Changes
+
+- 4b41a80: Added egress messaging to install prompts
+
+## 1.7.0
+
+### Minor Changes
+
+- ef00257: Add \*.jira.com to allowed host site list
+
+### Patch Changes
+
+- d7a1fe3: Update dependencies to remove any transitive dependencies on request
+
+## 1.7.0-next.1
+
+### Patch Changes
+
+- d7a1fe3: Update dependencies to remove any transitive dependencies on request
+
+## 1.7.0-next.0
+
+### Minor Changes
+
+- ef00257: Add \*.jira.com to allowed host site list
+
+## 1.6.0
+
+### Minor Changes
+
+- 8714f5a: Add support for fonts and frames as part of Egress Permissions for Custom UI apps
+
+### Patch Changes
+
+- f8ae8a2: Add support for Bitbucket origin in Custom UI
+
+## 1.6.0-next.1
+
+### Patch Changes
+
+- f8ae8a2: Add support for Bitbucket origin in Custom UI
+
+## 1.6.0-next.0
+
+### Minor Changes
+
+- 8714f5a: Add support for fonts and frames as part of Egress Permissions for Custom UI apps
+
+## 1.5.0
+
+### Minor Changes
+
+- 638194f: Fix logic to detect missing fetch egress permission
+
+## 1.5.0-next.0
+
+### Minor Changes
+
+- 638194f: Fix logic to detect missing fetch egress permission
+
+## 1.4.0
+
+### Minor Changes
+
+- 05f608f: Added external fetch linting
+
+### Patch Changes
+
+- bd9194a: Added error protection to egress filtering for URLs with no protocol
+
+## 1.4.0-next.1
+
+### Patch Changes
+
+- bd9194a: Added error protection to egress filtering for URLs with no protocol
+
+## 1.4.0-next.0
+
+### Minor Changes
+
+- 05f608f: Added external fetch linting
+
+## 1.3.0
+
+### Minor Changes
+
+- 9ec2911: Allow style-src as part of Egress Permissions for Custom UI apps
+
+### Patch Changes
+
+- 2ddcdb2: Update frame-ancestors for dev
+- 2b3c55d: Fix to restrict frame ancestors of Custom UI apps
+
+## 1.3.0-next.2
+
+### Patch Changes
+
+- 2ddcdb2: Update frame-ancestors for dev
+
+## 1.3.0-next.1
+
+### Minor Changes
+
+- 9ec2911: Allow style-src as part of Egress Permissions for Custom UI apps
+
+## 1.2.1-next.0
+
+### Patch Changes
+
+- 2b3c55d: Fix to restrict frame ancestors of Custom UI apps
+
+## 1.2.0
+
+### Minor Changes
+
+- 6c482ef: Add `allow-downloads allow-modals` to sandbox
+
+## 1.2.0-next.0
+
+### Minor Changes
+
+- 6c482ef: Add `allow-downloads allow-modals` to sandbox
+
+## 1.1.0
 
 ### Minor Changes
 

package/out/{csp-injection-service.d.ts → csp/csp-injection-service.d.ts}

@@ -1,9 +1,10 @@
 import type { LambdaEnvironment } from '@forge/cli-shared';
-import { CSPDetails } from './types';
+import { CSPDetails } from '../types';
 export declare class CSPInjectionService {
     private getCSPReportUri;
     private getForgeGlobalCSP;
     private getExistingCSPDetails;
+    private getFrameAncestors;
     getInjectableCSP: (existingCSPDetails: CSPDetails, env: LambdaEnvironment, tunnelCSPReporterUri?: string | undefined) => string[];
 }
 //# sourceMappingURL=csp-injection-service.d.ts.map

package/out/csp/csp-injection-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAUvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,iBAAiB;IAalB,gBAAgB,uBACD,UAAU,OACzB,iBAAiB,gDAErB,MAAM,EAAE,CA4CT;CACH"}

package/out/{csp-injection-service.js → csp/csp-injection-service.js}

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CSPInjectionService = void 0;
-const types_1 = require("./types");
+const types_1 = require("../types");
 const atlassianImageHosts = {
     dev: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', 'https://api.dev.atlassian.com'],
     stg: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', 'https://api.stg.atlassian.com'],
@@ -13,6 +13,9 @@ class CSPInjectionService {
         this.getInjectableCSP = (existingCSPDetails, env, tunnelCSPReporterUri) => {
             const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(env);
             const defaultSrc = `'self'`;
+            const frameAncestors = ["'self'", ...this.getFrameAncestors(env)].join(' ');
+            const frameSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)].join(' ');
+            const fontSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)].join(' ');
             const imgSrc = [
                 "'self'",
                 'data:',
@@ -33,16 +36,19 @@ class CSPInjectionService {
                 this.getForgeGlobalCSP(env),
                 ...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
             ].join(' ');
-            const styleSrc = ["'self'", ...this.getExistingCSPDetails('style-src', existingCSPDetails)].join(' ');
+            const styleSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)].join(' ');
             return [
                 `default-src ${defaultSrc}`,
+                `frame-ancestors ${frameAncestors}`,
+                `frame-src ${frameSrc}`,
+                `font-src ${fontSrc}`,
                 `img-src ${imgSrc}`,
                 `media-src ${mediaSrc}`,
                 `connect-src ${connectSrc}`,
                 `script-src ${scriptSrc}`,
                 `style-src ${styleSrc}`,
                 `form-action 'self'`,
-                `sandbox allow-forms allow-scripts allow-same-origin`,
+                `sandbox allow-downloads allow-forms allow-modals allow-same-origin allow-scripts`,
                 `report-uri ${reportUri}`
             ];
         };
@@ -61,5 +67,17 @@ class CSPInjectionService {
         var _a;
         return (_a = cspDetails[cspType]) !== null && _a !== void 0 ? _a : [];
     }
+    getFrameAncestors(env) {
+        if (env === 'prod')
+            return ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];
+        return [
+            '*.jira-dev.com',
+            'http://localhost:*',
+            '*.devbucket.org',
+            'https://staging.bb-inf.net',
+            'https://integration.bb-inf.net',
+            '*.atl-paas.net'
+        ];
+    }
 }
 exports.CSPInjectionService = CSPInjectionService;

package/out/{csp-processing-service.d.ts → csp/csp-processing-service.d.ts}

@@ -1,11 +1,15 @@
 import type { Logger } from '@forge/cli-shared';
 import type { Permissions } from '@forge/manifest';
-import { ContentPermissions, CSPDetails, DocumentBody } from './types';
+import { ContentPermissions, CSPDetails, DocumentBody } from '../types';
+export declare class InvalidConnectSrc extends Error {
+    constructor();
+}
 export declare class CSPProcessingService {
     private readonly logger;
     constructor(logger: Pick<Logger, 'info'>);
     getCspDetails(body: DocumentBody, permissions: Permissions): CSPDetails;
     getInvalidCspPermissions(contentPermissions: ContentPermissions): string[];
+    private assertValidFetchClient;
     private mapExternalPermissionsToCsp;
     private getStyleSrc;
     private getScriptSrc;

package/out/csp/csp-processing-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAS,MAAM,iBAAiB,CAAC;AAK1D,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAa7F,qBAAa,iBAAkB,SAAQ,KAAK;;CAI3C;AAMD,qBAAa,oBAAoB;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;IAElD,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAkBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,2BAA2B;IAgBnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}

package/out/{csp-processing-service.js → csp/csp-processing-service.js}

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CSPProcessingService = void 0;
+exports.CSPProcessingService = exports.InvalidConnectSrc = void 0;
 const tslib_1 = require("tslib");
 const cheerio_1 = tslib_1.__importDefault(require("cheerio"));
 const content_security_policy_parser_1 = tslib_1.__importDefault(require("content-security-policy-parser"));
@@ -12,6 +12,12 @@ const BASE_64_HASH_PATTERNS = [
     /^'sha384-[a-zA-Z0-9=+/]{64}'$/,
     /^'sha512-[a-zA-Z0-9=+/]{88}'$/
 ];
+class InvalidConnectSrc extends Error {
+    constructor() {
+        super('fetch.client should be an array of strings');
+    }
+}
+exports.InvalidConnectSrc = InvalidConnectSrc;
 class CSPProcessingService {
     constructor(logger) {
         this.logger = logger;
@@ -21,8 +27,8 @@ class CSPProcessingService {
         const { scripts, styles } = (_a = permissions === null || permissions === void 0 ? void 0 : permissions.content) !== null && _a !== void 0 ? _a : { scripts: [], styles: [] };
         const external = (_b = permissions === null || permissions === void 0 ? void 0 : permissions.external) !== null && _b !== void 0 ? _b : {};
         const $ = cheerio_1.default.load(body);
-        const _c = this.mapExternalPermissionsToCsp(external), { 'script-src': scriptSrc } = _c, mappedExternalCsp = tslib_1.__rest(_c, ['script-src']);
-        return Object.assign({ 'style-src': this.getStyleSrc($, styles), 'script-src': [...this.getScriptSrc($, scripts), ...scriptSrc] }, mappedExternalCsp);
+        const _c = this.mapExternalPermissionsToCsp(external), { 'script-src': scriptSrc, 'style-src': styleSrc } = _c, mappedExternalCsp = tslib_1.__rest(_c, ['script-src', 'style-src']);
+        return Object.assign({ 'style-src': [...this.getStyleSrc($, styles), ...styleSrc], 'script-src': [...this.getScriptSrc($, scripts), ...scriptSrc] }, mappedExternalCsp);
     }
     getInvalidCspPermissions(contentPermissions) {
         var _a, _b;
@@ -31,14 +37,27 @@ class CSPProcessingService {
         const invalidScripts = (_b = scripts === null || scripts === void 0 ? void 0 : scripts.filter((scriptSrc) => !this.isValidUserScriptSrc(`'${scriptSrc}'`))) !== null && _b !== void 0 ? _b : [];
         return [...invalidStyles, ...invalidScripts];
     }
+    assertValidFetchClient(fetch) {
+        if (fetch === null || fetch === void 0 ? void 0 : fetch.client) {
+            for (const client of fetch === null || fetch === void 0 ? void 0 : fetch.client) {
+                if (typeof client !== 'string') {
+                    throw new InvalidConnectSrc();
+                }
+            }
+        }
+    }
     mapExternalPermissionsToCsp(externalPermissions) {
         var _a;
-        const { images, media, scripts, fetch } = externalPermissions;
+        const { images, media, scripts, fetch, styles, fonts, frames } = externalPermissions;
+        this.assertValidFetchClient(fetch);
         return {
             'img-src': images !== null && images !== void 0 ? images : [],
             'media-src': media !== null && media !== void 0 ? media : [],
             'script-src': scripts !== null && scripts !== void 0 ? scripts : [],
-            'connect-src': (_a = fetch === null || fetch === void 0 ? void 0 : fetch.client) !== null && _a !== void 0 ? _a : []
+            'style-src': styles !== null && styles !== void 0 ? styles : [],
+            'connect-src': (_a = fetch === null || fetch === void 0 ? void 0 : fetch.client) !== null && _a !== void 0 ? _a : [],
+            'font-src': fonts !== null && fonts !== void 0 ? fonts : [],
+            'frame-src': frames !== null && frames !== void 0 ? frames : []
         };
     }
     getStyleSrc($, userStyleSrc) {

package/out/csp/index.d.ts

@@ -0,0 +1,3 @@
+export * from './csp-injection-service';
+export * from './csp-processing-service';
+//# sourceMappingURL=index.d.ts.map

package/out/csp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/csp/index.ts"],"names":[],"mappings":"AAEA,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC"}

package/out/csp/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./csp-injection-service"), exports);
+tslib_1.__exportStar(require("./csp-processing-service"), exports);

package/out/egress/egress-filtering-service.d.ts

@@ -0,0 +1,11 @@
+export declare class EgressFilteringService {
+    private readonly URLs;
+    private readonly wildcardDomains;
+    private readonly allowsEverything;
+    constructor(allowList: string[]);
+    private safeURL;
+    isValidUrl(url: string): boolean;
+    private domainCheck;
+    private domainIsAllowed;
+}
+//# sourceMappingURL=egress-filtering-service.d.ts.map

package/out/egress/egress-filtering-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"egress-filtering-service.d.ts","sourceRoot":"","sources":["../../src/egress/egress-filtering-service.ts"],"names":[],"mappings":"AAGA,qBAAa,sBAAsB;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAQ;IAC7B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAQ;IACxC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAU;gBAE/B,SAAS,EAAE,MAAM,EAAE;IAY/B,OAAO,CAAC,OAAO;IAOR,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAQvC,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,eAAe;CAWxB"}

package/out/egress/egress-filtering-service.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EgressFilteringService = void 0;
+const tslib_1 = require("tslib");
+const micromatch_1 = tslib_1.__importDefault(require("micromatch"));
+const url_1 = require("url");
+class EgressFilteringService {
+    constructor(allowList) {
+        this.URLs = allowList
+            .filter((domainOrURL) => !domainOrURL.startsWith('*'))
+            .map((url) => this.safeURL(url));
+        this.wildcardDomains = allowList
+            .filter((domainOrURL) => domainOrURL !== '*')
+            .map((url) => this.safeURL(url))
+            .filter((url) => url.hostname.startsWith('*'));
+        this.allowsEverything = allowList.includes('*');
+    }
+    safeURL(url, defaultProtocol = 'https://') {
+        const protocolRegex = /^(.*:\/\/)/;
+        return new url_1.URL(protocolRegex.test(url) ? url : `${defaultProtocol}${url}`);
+    }
+    isValidUrl(url) {
+        if (this.allowsEverything) {
+            return true;
+        }
+        return this.domainIsAllowed(this.safeURL(url));
+    }
+    domainCheck(domain, allowList) {
+        const hostnameMatchedProtocol = allowList
+            .filter((allowed) => allowed.protocol === domain.protocol)
+            .map((url) => url.hostname);
+        return (micromatch_1.default([domain.hostname], hostnameMatchedProtocol, {
+            dot: true
+        }).length > 0);
+    }
+    domainIsAllowed(domain) {
+        if (this.domainCheck(domain, this.URLs)) {
+            return true;
+        }
+        if (this.domainCheck(domain, this.wildcardDomains)) {
+            return true;
+        }
+        return false;
+    }
+}
+exports.EgressFilteringService = EgressFilteringService;

package/out/egress/index.d.ts

@@ -0,0 +1,3 @@
+export * from './egress-filtering-service';
+export * from './utils';
+//# sourceMappingURL=index.d.ts.map

package/out/egress/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/egress/index.ts"],"names":[],"mappings":"AAEA,cAAc,4BAA4B,CAAC;AAC3C,cAAc,SAAS,CAAC"}

package/out/egress/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./egress-filtering-service"), exports);
+tslib_1.__exportStar(require("./utils"), exports);

package/out/egress/utils.d.ts

@@ -0,0 +1,3 @@
+declare const sortAndGroupEgressPermissionsByDomain: (egressAddresses: string[]) => Array<string>;
+export { sortAndGroupEgressPermissionsByDomain };
+//# sourceMappingURL=utils.d.ts.map

package/out/egress/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/egress/utils.ts"],"names":[],"mappings":"AAGA,QAAA,MAAM,qCAAqC,oBAAqB,MAAM,EAAE,KAAG,KAAK,CAAC,MAAM,CA2BtF,CAAC;AAEF,OAAO,EAAE,qCAAqC,EAAE,CAAC"}

package/out/egress/utils.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sortAndGroupEgressPermissionsByDomain = void 0;
+const tslib_1 = require("tslib");
+const micromatch_1 = tslib_1.__importDefault(require("micromatch"));
+const url_1 = require("url");
+const sortAndGroupEgressPermissionsByDomain = (egressAddresses) => {
+    const protocolRegex = /^(.*?:\/\/)/;
+    const domainSet = new Set();
+    const groupSet = new Set();
+    const removeSet = new Set();
+    if ((egressAddresses === null || egressAddresses === void 0 ? void 0 : egressAddresses.length) === 0) {
+        return [];
+    }
+    egressAddresses.forEach((item) => {
+        const itemWithProtocol = protocolRegex.test(item) ? item : `https://${item}`;
+        const url = new url_1.URL(itemWithProtocol);
+        if (url.hostname.startsWith('*')) {
+            groupSet.add(url.hostname.substring(2));
+            removeSet.add('!' + url.hostname);
+        }
+        else {
+            domainSet.add(url.hostname);
+        }
+    });
+    if (removeSet.size === 0) {
+        return [...domainSet];
+    }
+    return [...new Set(micromatch_1.default([...domainSet], [...removeSet]).concat([...groupSet]))].sort();
+};
+exports.sortAndGroupEgressPermissionsByDomain = sortAndGroupEgressPermissionsByDomain;

package/out/index.d.ts

@@ -1,4 +1,4 @@
-export * from './csp-injection-service';
-export * from './csp-processing-service';
+export * from './csp';
+export * from './egress';
 export * from './types';
 //# sourceMappingURL=index.d.ts.map

package/out/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,OAAO,CAAC;AACtB,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC"}

package/out/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
-tslib_1.__exportStar(require("./csp-injection-service"), exports);
-tslib_1.__exportStar(require("./csp-processing-service"), exports);
+tslib_1.__exportStar(require("./csp"), exports);
+tslib_1.__exportStar(require("./egress"), exports);
 tslib_1.__exportStar(require("./types"), exports);

package/out/types.d.ts

@@ -7,10 +7,10 @@ export declare enum ExternalCspType {
     IMG_SRC = "img-src",
     MEDIA_SRC = "media-src",
     SCRIPT_SRC = "script-src",
-    CONNECT_SRC = "connect-src"
-}
-export declare type MappedExternalCsp = Record<ExternalCspType, string[]>;
-export interface CSPDetails extends MappedExternalCsp {
-    'style-src': string[];
+    STYLE_SRC = "style-src",
+    CONNECT_SRC = "connect-src",
+    FONT_SRC = "font-src",
+    FRAME_SRC = "frame-src"
 }
+export declare type CSPDetails = Record<ExternalCspType, string[]>;
 //# sourceMappingURL=types.d.ts.map

package/out/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEnD,oBAAY,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3C,oBAAY,kBAAkB,GAAG,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;AACrE,oBAAY,mBAAmB,GAAG,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC;AACvE,oBAAY,eAAe;IACzB,OAAO,YAAY;IACnB,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,WAAW,gBAAgB;CAC5B;AACD,oBAAY,iBAAiB,GAAG,MAAM,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;AAElE,MAAM,WAAW,UAAW,SAAQ,iBAAiB;IACnD,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEnD,oBAAY,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3C,oBAAY,kBAAkB,GAAG,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;AACrE,oBAAY,mBAAmB,GAAG,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC;AACvE,oBAAY,eAAe;IACzB,OAAO,YAAY;IACnB,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,SAAS,cAAc;IACvB,WAAW,gBAAgB;IAC3B,QAAQ,aAAa;IACrB,SAAS,cAAc;CACxB;AACD,oBAAY,UAAU,GAAG,MAAM,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC"}

package/out/types.js

@@ -6,5 +6,8 @@ var ExternalCspType;
     ExternalCspType["IMG_SRC"] = "img-src";
     ExternalCspType["MEDIA_SRC"] = "media-src";
     ExternalCspType["SCRIPT_SRC"] = "script-src";
+    ExternalCspType["STYLE_SRC"] = "style-src";
     ExternalCspType["CONNECT_SRC"] = "connect-src";
+    ExternalCspType["FONT_SRC"] = "font-src";
+    ExternalCspType["FRAME_SRC"] = "frame-src";
 })(ExternalCspType = exports.ExternalCspType || (exports.ExternalCspType = {}));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forge/csp",
-  "version": "0.0.0-experimental-32f9210",
+  "version": "0.0.0-experimental-7c72fec",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
   "main": "out/index.js",
   "author": "Atlassian",
@@ -11,12 +11,13 @@
     "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
   },
   "devDependencies": {
-    "@forge/cli-shared": "^0.0.0-experimental-32f9210",
-    "@forge/manifest": "^0.0.0-experimental-32f9210",
+    "@forge/cli-shared": "^0.0.0-experimental-7c72fec",
+    "@forge/manifest": "^0.0.0-experimental-7c72fec",
     "@types/jest": "^26.0.0"
   },
   "dependencies": {
-    "cheerio": "^0.20.0",
-    "content-security-policy-parser": "^0.3.0"
+    "cheerio": "^0.22.0",
+    "content-security-policy-parser": "^0.3.0",
+    "micromatch": "^4.0.2"
   }
 }

package/out/csp-injection-service.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../src/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,SAAS,CAAC;AAUtD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAKtB,gBAAgB,uBACD,UAAU,OACzB,iBAAiB,gDAErB,MAAM,EAAE,CAsCT;CACH"}

package/out/csp-processing-service.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../src/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAKnD,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAA0C,MAAM,SAAS,CAAC;AAiB/G,qBAAa,oBAAoB;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;IAElD,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAgBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,2BAA2B;IAWnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}