@forge/csp 3.1.6 → 3.2.0-experimental-e73e579

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/out/csp/csp-injection-service.d.ts +2 -1
  3. package/out/csp/csp-injection-service.d.ts.map +1 -1
  4. package/out/csp/csp-injection-service.js +25 -7
  5. package/package.json +3 -3
package/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # @forge/csp
2
2
 
3
+ ## 3.2.0
4
+
5
+ ### Minor Changes
6
+
7
+ - ba85e65: Add support for FedRAMP environments
8
+
9
+ ## 3.2.0-next.0
10
+
11
+ ### Minor Changes
12
+
13
+ - ba85e65: Add support for FedRAMP environments
14
+
3
15
  ## 3.1.6
4
16
 
5
17
  ### Patch Changes
package/out/csp/csp-injection-service.d.ts CHANGED
@@ -6,11 +6,12 @@ export declare class CSPInjectionService {
6
6
  private getExistingCSPDetails;
7
7
  private getConnectSrc;
8
8
  private getFrameAncestors;
9
- getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname }: {
9
+ getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP }: {
10
10
  existingCSPDetails: CSPDetails;
11
11
  microsEnv: LambdaEnvironment;
12
12
  tunnelCSPReporterUri?: string | undefined;
13
13
  hostname?: string | undefined;
14
+ isFedRAMP?: boolean | undefined;
14
15
  }) => string[];
15
16
  }
16
17
  //# sourceMappingURL=csp-injection-service.d.ts.map
package/out/csp/csp-injection-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAmBvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAgBrB,OAAO,CAAC,iBAAiB;IA8BlB,gBAAgB;4BAMD,UAAU;mBACnB,iBAAiB;;;UAG1B,MAAM,EAAE,CAwDV;CACH"}
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AA6BvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,iBAAiB;IAMzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAgBrB,OAAO,CAAC,iBAAiB;IAmClB,gBAAgB;4BAOD,UAAU;mBACnB,iBAAiB;;;;UAI1B,MAAM,EAAE,CAwDV;CACH"}
package/out/csp/csp-injection-service.js CHANGED
@@ -6,18 +6,28 @@ const apiGatewayHost = {
6
6
  dev: 'https://api.dev.atlassian.com',
7
7
  stg: 'https://api.stg.atlassian.com',
8
8
  prod: 'https://api.atlassian.com',
9
- fex: 'https://api.atlassian-fex.com'
9
+ fex: 'https://api.atlassian-fex.com',
10
+ 'fedramp-stg': 'https://api.stg.atlassian-us-gov-mod.com',
11
+ 'fedramp-prod': 'https://api.atlassian-us-gov-mod.com'
10
12
  };
11
13
  const atlassianImageHosts = {
12
14
  dev: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', apiGatewayHost['dev']],
13
15
  stg: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', apiGatewayHost['stg']],
14
16
  prod: ['https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net', apiGatewayHost['prod']],
15
- fex: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', apiGatewayHost['fex']]
17
+ fex: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', apiGatewayHost['fex']],
18
+ 'fedramp-stg': [
19
+ 'https://avatar-management--avatars.us-east-1.stg.public.atl-paas-us-gov-mod.net',
20
+ apiGatewayHost['fedramp-stg']
21
+ ],
22
+ 'fedramp-prod': [
23
+ 'https://avatar-management--avatars.us-east-1.prod.public.atl-paas-us-gov-mod.net',
24
+ apiGatewayHost['fedramp-prod']
25
+ ]
16
26
  };
17
27
  const gravatarUrl = 'https://secure.gravatar.com';
18
28
  class CSPInjectionService {
19
29
  constructor() {
20
- this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname }) => {
30
+ this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP }) => {
21
31
  const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv);
22
32
  const defaultSrc = `'self'`;
23
33
  const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname)].join(' ');
@@ -47,12 +57,12 @@ class CSPInjectionService {
47
57
  ].join(' ');
48
58
  const scriptSrc = [
49
59
  "'self'",
50
- this.getForgeGlobalCSP(microsEnv),
60
+ this.getForgeGlobalCSP(microsEnv, isFedRAMP),
51
61
  ...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
52
62
  ].join(' ');
53
63
  const styleSrc = [
54
64
  "'self'",
55
- this.getForgeGlobalCSP(microsEnv),
65
+ this.getForgeGlobalCSP(microsEnv, isFedRAMP),
56
66
  ...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)
57
67
  ].join(' ');
58
68
  const navigateTo = ["'self'"];
@@ -78,8 +88,10 @@ class CSPInjectionService {
78
88
  return 'https://web-security-reports.stg.services.atlassian.com/csp-report/forge-cdn';
79
89
  return 'https://web-security-reports.services.atlassian.com/csp-report/forge-cdn';
80
90
  }
81
- getForgeGlobalCSP(microsEnv) {
82
- return `https://forge.cdn.${microsEnv}.atlassian-dev.net`;
91
+ getForgeGlobalCSP(microsEnv, isFedRAMP = false) {
92
+ return isFedRAMP
93
+ ? `https://forge.cdn.${microsEnv.split('-')[1]}.atlassian-dev-us-gov-mod.net`
94
+ : `https://forge.cdn.${microsEnv}.atlassian-dev.net`;
83
95
  }
84
96
  getExistingCSPDetails(cspType, cspDetails) {
85
97
  var _a;
@@ -112,6 +124,12 @@ class CSPInjectionService {
112
124
  'http://localhost:*'
113
125
  ];
114
126
  }
127
+ else if (microsEnv === 'fedramp-stg') {
128
+ frameAncestors = ['*.atlassian-stg-fedm.net'];
129
+ }
130
+ else if (microsEnv === 'fedramp-prod') {
131
+ frameAncestors = ['*.atlassian-us-gov-mod.net'];
132
+ }
115
133
  else {
116
134
  frameAncestors = ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];
117
135
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/csp",
3
- "version": "3.1.6",
3
+ "version": "3.2.0-experimental-e73e579",
4
4
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
5
5
  "main": "out/index.js",
6
6
  "author": "Atlassian",
@@ -11,8 +11,8 @@
11
11
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
12
12
  },
13
13
  "devDependencies": {
14
- "@forge/cli-shared": "3.23.3",
15
- "@forge/manifest": "5.5.3",
14
+ "@forge/cli-shared": "3.25.1-next.3-experimental-e73e579",
15
+ "@forge/manifest": "6.2.1-next.1-experimental-e73e579",
16
16
  "@types/jest": "^29.5.12",
17
17
  "@types/node": "14.18.63"
18
18
  },