@forge/csp 1.8.0-next.1 → 1.9.0

package/CHANGELOG.md CHANGED
@@ -1,5 +1,34 @@
1
1
  # @forge/csp
2
2
 
3
+ ## 1.9.0
4
+
5
+ ### Minor Changes
6
+
7
+ - 1c196ff: Add support for external fetch client to reference remote
8
+
9
+ ### Patch Changes
10
+
11
+ - 1dba082: Enabling new frame ancestors '_.atl-paas.net' and '_.atlassian.com'
12
+
13
+ ## 1.9.0-next.1
14
+
15
+ ### Minor Changes
16
+
17
+ - 1c196ff: Add support for external fetch client to reference remote
18
+
19
+ ## 1.8.1-next.0
20
+
21
+ ### Patch Changes
22
+
23
+ - 04e4152: Enabling new frame ancestors '_.atl-paas.net' and '_.atlassian.com'
24
+
25
+ ## 1.8.0
26
+
27
+ ### Minor Changes
28
+
29
+ - d5f3fac: Remove deprecated method for handling CSP user config
30
+ - f002362: Revert change for deprecated CSP
31
+
3
32
  ## 1.8.0-next.1
4
33
 
5
34
  ### Minor Changes
@@ -1 +1 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAUvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,iBAAiB;IAYlB,gBAAgB,uBACD,UAAU,OACzB,iBAAiB,gDAErB,MAAM,EAAE,CA4CT;CACH"}
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAUvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,iBAAiB;IAalB,gBAAgB,uBACD,UAAU,OACzB,iBAAiB,gDAErB,MAAM,EAAE,CA4CT;CACH"}
@@ -69,13 +69,14 @@ class CSPInjectionService {
69
69
  }
70
70
  getFrameAncestors(env) {
71
71
  if (env === 'prod')
72
- return ['*.atlassian.net', 'bitbucket.org', '*.jira.com'];
72
+ return ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];
73
73
  return [
74
74
  '*.jira-dev.com',
75
75
  'http://localhost:*',
76
76
  '*.devbucket.org',
77
77
  'https://staging.bb-inf.net',
78
- 'https://integration.bb-inf.net'
78
+ 'https://integration.bb-inf.net',
79
+ '*.atl-paas.net'
79
80
  ];
80
81
  }
81
82
  }
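Review bot: The new production entry `'*.atlassian.com'` in `getFrameAncestors` lets every subdomain of that domain frame Custom UI content, so the clickjacking boundary now depends on no subdomain there serving untrusted or user-controlled pages. If only specific hosts need to embed, listing them would be tighter; either way a comment above the return, such as `// frame-ancestors allow-list: each entry may embed Custom UI; wildcard entries cover all subdomains`, would record the intent. Separately, any `env` value other than the exact string `'prod'` falls through to the development list, which includes `http://localhost:*` and now `'*.atl-paas.net'`. Returning the production list for unrecognised values would fail closed, though whether callers can pass other values is not visible in this hunk.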
@@ -1,11 +1,15 @@
1
1
  import type { Logger } from '@forge/cli-shared';
2
2
  import type { Permissions } from '@forge/manifest';
3
3
  import { ContentPermissions, CSPDetails, DocumentBody } from '../types';
4
+ export declare class InvalidConnectSrc extends Error {
5
+ constructor();
6
+ }
4
7
  export declare class CSPProcessingService {
5
8
  private readonly logger;
6
9
  constructor(logger: Pick<Logger, 'info'>);
7
10
  getCspDetails(body: DocumentBody, permissions: Permissions): CSPDetails;
8
11
  getInvalidCspPermissions(contentPermissions: ContentPermissions): string[];
12
+ private assertValidFetchClient;
9
13
  private mapExternalPermissionsToCsp;
10
14
  private getStyleSrc;
11
15
  private getScriptSrc;
@@ -1 +1 @@
1
- {"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAKnD,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAiB7F,qBAAa,oBAAoB;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;IAElD,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAkBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,2BAA2B;IAcnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}
1
+ {"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAS,MAAM,iBAAiB,CAAC;AAK1D,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAa7F,qBAAa,iBAAkB,SAAQ,KAAK;;CAI3C;AAMD,qBAAa,oBAAoB;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;IAElD,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAkBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,2BAA2B;IAgBnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.CSPProcessingService = void 0;
3
+ exports.CSPProcessingService = exports.InvalidConnectSrc = void 0;
4
4
  const tslib_1 = require("tslib");
5
5
  const cheerio_1 = tslib_1.__importDefault(require("cheerio"));
6
6
  const content_security_policy_parser_1 = tslib_1.__importDefault(require("content-security-policy-parser"));
@@ -12,6 +12,12 @@ const BASE_64_HASH_PATTERNS = [
12
12
  /^'sha384-[a-zA-Z0-9=+/]{64}'$/,
13
13
  /^'sha512-[a-zA-Z0-9=+/]{88}'$/
14
14
  ];
15
+ class InvalidConnectSrc extends Error {
16
+ constructor() {
17
+ super('fetch.client should be an array of strings');
18
+ }
19
+ }
20
+ exports.InvalidConnectSrc = InvalidConnectSrc;
15
21
  class CSPProcessingService {
16
22
  constructor(logger) {
17
23
  this.logger = logger;
@@ -31,9 +37,19 @@ class CSPProcessingService {
31
37
  const invalidScripts = (_b = scripts === null || scripts === void 0 ? void 0 : scripts.filter((scriptSrc) => !this.isValidUserScriptSrc(`'${scriptSrc}'`))) !== null && _b !== void 0 ? _b : [];
32
38
  return [...invalidStyles, ...invalidScripts];
33
39
  }
40
+ assertValidFetchClient(fetch) {
41
+ if (fetch === null || fetch === void 0 ? void 0 : fetch.client) {
42
+ for (const client of fetch === null || fetch === void 0 ? void 0 : fetch.client) {
43
+ if (typeof client !== 'string') {
44
+ throw new InvalidConnectSrc();
45
+ }
46
+ }
47
+ }
48
+ }
34
49
  mapExternalPermissionsToCsp(externalPermissions) {
35
50
  var _a;
36
51
  const { images, media, scripts, fetch, styles, fonts, frames } = externalPermissions;
52
+ this.assertValidFetchClient(fetch);
37
53
  return {
38
54
  'img-src': images !== null && images !== void 0 ? images : [],
39
55
  'media-src': media !== null && media !== void 0 ? media : [],
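Review bot: `assertValidFetchClient` never checks that `fetch.client` is an array, so a manifest that supplies a single string passes the loop (iterating a string yields one-character strings), and a non-iterable value raises a generic TypeError instead of `InvalidConnectSrc`. Adding `if (!Array.isArray(fetch.client)) throw new InvalidConnectSrc();` before the `for` would make the check match its own error message. The loop also accepts any string, so unless entries are validated elsewhere, a value containing `;` or whitespace could change the shape of the emitted policy; that validation is not visible in this hunk. `mapExternalPermissionsToCsp` continues past the end of the hunk, so how `fetch.client` reaches `connect-src` cannot be confirmed from here.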
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/csp",
3
- "version": "1.8.0-next.1",
3
+ "version": "1.9.0",
4
4
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
5
5
  "main": "out/index.js",
6
6
  "author": "Atlassian",
@@ -11,8 +11,8 @@
11
11
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
12
12
  },
13
13
  "devDependencies": {
14
- "@forge/cli-shared": "^2.1.2-next.1",
15
- "@forge/manifest": "^2.2.1-next.1",
14
+ "@forge/cli-shared": "^2.2.0",
15
+ "@forge/manifest": "^3.0.0",
16
16
  "@types/jest": "^26.0.0"
17
17
  },
18
18
  "dependencies": {