@forge/csp 2.0.0 → 2.0.1

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @forge/csp
 
+## 2.0.1
+
+### Patch Changes
+
+- 2a60561: Allow Forge Content Security Policy to load stylesheets from unpkg.com to enable an interim theme mounting solution for Atlassian Design System: Design Tokens
+
+## 2.0.1-next.0
+
+### Patch Changes
+
+- 2a605619: Allow Forge Content Security Policy to load stylesheets from unpkg.com to enable an interim theme mounting solution for Atlassian Design System: Design Tokens
+
 ## 2.0.0
 
 ### Major Changes

package/out/csp/csp-injection-service.d.ts

@@ -5,6 +5,6 @@ export declare class CSPInjectionService {
     private getForgeGlobalCSP;
     private getExistingCSPDetails;
     private getFrameAncestors;
-    getInjectableCSP: (existingCSPDetails: CSPDetails, env: LambdaEnvironment, tunnelCSPReporterUri?: string | undefined) => string[];
+    getInjectableCSP: (existingCSPDetails: CSPDetails, env: LambdaEnvironment, tunnelCSPReporterUri?: string) => string[];
 }
 //# sourceMappingURL=csp-injection-service.d.ts.map

package/out/csp/csp-injection-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAUvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,iBAAiB;IAalB,gBAAgB,uBACD,UAAU,OACzB,iBAAiB,gDAErB,MAAM,EAAE,CA4CT;CACH"}
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAUvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,iBAAiB;IAalB,gBAAgB,uBACD,UAAU,OACzB,iBAAiB,yBACC,MAAM,KAC5B,MAAM,EAAE,CAiDT;CACH"}

package/out/csp/csp-injection-service.js

@@ -46,7 +46,7 @@ class CSPInjectionService {
                 `media-src ${mediaSrc}`,
                 `connect-src ${connectSrc}`,
                 `script-src ${scriptSrc}`,
-                `style-src ${styleSrc}`,
+                `style-src ${styleSrc} https://unpkg.com/@atlaskit/tokens@0.10.30/css/atlassian-light.css https://unpkg.com/@atlaskit/tokens@0.10.30/css/atlassian-dark.css`,
                 `form-action 'self'`,
                 `sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-same-origin allow-scripts`,
                 `report-uri ${reportUri}`

package/out/csp/csp-processing-service.js

@@ -133,7 +133,7 @@ class CSPProcessingService {
             this.logger.info('discarding potentially-malicious CSP');
             return {};
         }
-        return content_security_policy_parser_1.default(cspContent);
+        return (0, content_security_policy_parser_1.default)(cspContent);
     }
 }
 exports.CSPProcessingService = CSPProcessingService;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forge/csp",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
   "main": "out/index.js",
   "author": "Atlassian",
@@ -11,9 +11,9 @@
     "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
   },
   "devDependencies": {
-    "@forge/cli-shared": "^3.1.0",
-    "@forge/manifest": "^4.2.0",
-    "@types/jest": "^26.0.0"
+    "@forge/cli-shared": "^3.3.0",
+    "@forge/manifest": "^4.5.1",
+    "@types/jest": "^29.1.2"
   },
   "dependencies": {
     "cheerio": "^0.22.0",