@forge/csp 4.1.0-next.2 → 4.2.0-experimental-959d7b9
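--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,34 @@
 # @forge/csp
 
+## 4.2.0-experimental-959d7b9
+
+### Patch Changes
+
+- aebd633: Patch @forge/csp IC frame ancestors csp bug
+
+## 4.2.0
+
+### Minor Changes
+
+- cfde21e: Add CSP Urls for IC environment
+
+## 4.2.0-next.0
+
+### Minor Changes
+
+- cfde21e: Add CSP Urls for IC environment
+
+## 4.1.0
+
+### Minor Changes
+
+- effab31: Bumped cheerio from 0.22 to 1.1
+
+### Patch Changes
+
+- 195411c: patch dependencies
+- f5ba3aa: Allow-list Atlassian media URLs by default for media CSP policies
+
 ## 4.1.0-next.2
 
 ### Minor Changes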
@@ -1,21 +1,26 @@
|
|
|
1
1
|
import type { LambdaEnvironment } from '@forge/cli-shared';
|
|
2
2
|
import { CSPDetails } from '../types';
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
declare type IcOptions = {
|
|
4
|
+
icLabel: string;
|
|
5
|
+
serviceName: string;
|
|
5
6
|
};
|
|
7
|
+
export declare const getAtlassianImageHost: (microsEnv: LambdaEnvironment, icOptions?: IcOptions) => string[];
|
|
6
8
|
export declare const EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS: string[];
|
|
7
9
|
export declare class CSPInjectionService {
|
|
8
10
|
private getCSPReportUri;
|
|
9
11
|
private getForgeGlobalCSP;
|
|
12
|
+
private getMetalClientCSP;
|
|
10
13
|
private getExistingCSPDetails;
|
|
11
14
|
private getConnectSrc;
|
|
12
15
|
private getFrameAncestors;
|
|
13
|
-
getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP }: {
|
|
16
|
+
getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }: {
|
|
14
17
|
existingCSPDetails: CSPDetails;
|
|
15
18
|
microsEnv: LambdaEnvironment;
|
|
16
19
|
tunnelCSPReporterUri?: string | undefined;
|
|
17
20
|
hostname?: string | undefined;
|
|
18
21
|
isFedRAMP?: boolean | undefined;
|
|
22
|
+
icOptions?: IcOptions | undefined;
|
|
19
23
|
}) => string[];
|
|
20
24
|
}
|
|
25
|
+
export {};
|
|
21
26
|
//# sourceMappingURL=csp-injection-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,SAAS,GAAG;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAiGF,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAUjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAqBrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CA8DV;CACH"}
|
|
@@ -1,157 +1,170 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.CSPInjectionService = exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = exports.
|
|
3
|
+
exports.CSPInjectionService = exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = exports.getAtlassianImageHost = void 0;
|
|
4
4
|
const types_1 = require("../types");
|
|
5
|
-
const
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
};
|
|
12
|
-
const ATLASSIAN_MEDIA_GATEWAY_HOST = {
|
|
13
|
-
dev: 'https://media.dev.atl-paas.net',
|
|
14
|
-
stg: 'https://media.staging.atl-paas.net',
|
|
15
|
-
prod: 'https://api.media.atlassian.com',
|
|
16
|
-
'fedramp-stg': 'https://api-media.stg.atlassian-us-gov-mod.com',
|
|
17
|
-
'fedramp-prod': 'https://api-media.atlassian-us-gov-mod.com'
|
|
18
|
-
};
|
|
19
|
-
const ATLASSIAN_AVATAR_HOST = {
|
|
20
|
-
dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
21
|
-
stg: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
22
|
-
prod: 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net',
|
|
23
|
-
'fedramp-stg': 'avatar-management--avatars.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
|
|
24
|
-
'fedramp-prod': 'avatar-management--avatars.us-east-1.prod.cdn.atlassian-us-gov-mod.com'
|
|
25
|
-
};
|
|
26
|
-
const ATLASSIAN_TEAM_HEADER_HOST = {
|
|
27
|
-
dev: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
|
|
28
|
-
stg: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
|
|
29
|
-
prod: 'https://ptc-directory-sited-static.us-east-1.prod.public.atl-paas.net/gradients/',
|
|
30
|
-
'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
31
|
-
'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/'
|
|
5
|
+
const isICEnvKey = (env) => env === 'ic-prod' || env === 'ic-stg';
|
|
6
|
+
const getICDomain = (env, icLabel) => `${icLabel}.${env === 'ic-prod' ? 'atlassian-isolated.net' : 'oasis-stg.com'}`;
|
|
7
|
+
const makeICHosts = (targetHostFunction) => {
|
|
8
|
+
return {
|
|
9
|
+
'ic-stg': (icOptions) => targetHostFunction('ic-stg', icOptions),
|
|
10
|
+
'ic-prod': (icOptions) => targetHostFunction('ic-prod', icOptions)
|
|
11
|
+
};
|
|
32
12
|
};
|
|
33
|
-
const
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
13
|
+
const ATLASSIAN_HOST = {
|
|
14
|
+
ATLASSIAN_API_GATEWAY_HOST: {
|
|
15
|
+
dev: 'https://api.dev.atlassian.com',
|
|
16
|
+
stg: 'https://api.stg.atlassian.com',
|
|
17
|
+
prod: 'https://api.atlassian.com',
|
|
18
|
+
'fedramp-stg': 'https://api.stg.atlassian-us-gov-mod.com',
|
|
19
|
+
'fedramp-prod': 'https://api.atlassian-us-gov-mod.com',
|
|
20
|
+
...makeICHosts((env, { icLabel }) => `https://api.${getICDomain(env, icLabel)}`)
|
|
21
|
+
},
|
|
22
|
+
ATLASSIAN_MEDIA_GATEWAY_HOST: {
|
|
23
|
+
dev: 'https://media.dev.atl-paas.net',
|
|
24
|
+
stg: 'https://media.staging.atl-paas.net',
|
|
25
|
+
prod: 'https://api.media.atlassian.com',
|
|
26
|
+
'fedramp-stg': 'https://api-media.stg.atlassian-us-gov-mod.com',
|
|
27
|
+
'fedramp-prod': 'https://api-media.atlassian-us-gov-mod.com',
|
|
28
|
+
...makeICHosts((env, { icLabel }) => `https://media-api.${getICDomain(env, icLabel)}`)
|
|
29
|
+
},
|
|
30
|
+
ATLASSIAN_AVATAR_HOST: {
|
|
31
|
+
dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
32
|
+
stg: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
33
|
+
prod: 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net',
|
|
34
|
+
'fedramp-stg': 'avatar-management--avatars.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
|
|
35
|
+
'fedramp-prod': 'avatar-management--avatars.us-east-1.prod.cdn.atlassian-us-gov-mod.com',
|
|
36
|
+
'ic-stg': (_icOptions) => 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
37
|
+
'ic-prod': (_icOptions) => 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net'
|
|
38
|
+
},
|
|
39
|
+
ATLASSIAN_TEAM_HEADER_HOST: {
|
|
40
|
+
dev: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
|
|
41
|
+
stg: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
|
|
42
|
+
prod: 'https://ptc-directory-sited-static.us-east-1.prod.public.atl-paas.net/gradients/',
|
|
43
|
+
'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
44
|
+
'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
45
|
+
...makeICHosts((env, { icLabel }) => `https://teams-directory-frontend.services.${getICDomain(env, icLabel)}/bfa/`)
|
|
46
|
+
},
|
|
47
|
+
ATLASSIAN_TEAM_AVATAR_HOST: {
|
|
48
|
+
dev: 'https://teams-directory-frontend.stg-east.frontend.public.atl-paas.net/assets/',
|
|
49
|
+
stg: 'https://teams-directory-frontend.stg-east.frontend.public.atl-paas.net/assets/',
|
|
50
|
+
prod: 'https://teams-directory-frontend.prod-east.frontend.public.atl-paas.net/assets/',
|
|
51
|
+
'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
52
|
+
'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
53
|
+
...makeICHosts((env, { icLabel }) => `https://teams-directory-frontend.services.${getICDomain(env, icLabel)}/bfa/`)
|
|
54
|
+
},
|
|
55
|
+
ATLASSIAN_EMOJIS_HOST: {
|
|
56
|
+
dev: 'https://pf-emoji-service--cdn.ap-southeast-2.dev.public.atl-paas.net',
|
|
57
|
+
stg: 'https://pf-emoji-service--cdn.us-east-1.staging.public.atl-paas.net',
|
|
58
|
+
prod: 'https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net',
|
|
59
|
+
'fedramp-stg': 'https://pf-emoji-service--cdn.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
|
|
60
|
+
'fedramp-prod': 'https://pf-emoji-service--cdn.us-east-1.prod.cdn.atlassian-us-gov-mod.com',
|
|
61
|
+
...makeICHosts((env, { icLabel }) => `https://pf-emoji-service.${getICDomain(env, icLabel)}`)
|
|
62
|
+
}
|
|
39
63
|
};
|
|
40
|
-
const
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
64
|
+
const getAtlassianHost = (hostType, microsEnv, icOptions) => {
|
|
65
|
+
const hostMap = ATLASSIAN_HOST[hostType];
|
|
66
|
+
if (isICEnvKey(microsEnv)) {
|
|
67
|
+
if (!icOptions) {
|
|
68
|
+
throw new Error('Missing IC label');
|
|
69
|
+
}
|
|
70
|
+
return hostMap[microsEnv](icOptions);
|
|
71
|
+
}
|
|
72
|
+
return hostMap[microsEnv];
|
|
46
73
|
};
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
`https://${ATLASSIAN_AVATAR_HOST
|
|
50
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST
|
|
51
|
-
ATLASSIAN_API_GATEWAY_HOST
|
|
52
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST
|
|
53
|
-
ATLASSIAN_EMOJIS_HOST
|
|
54
|
-
ATLASSIAN_TEAM_AVATAR_HOST
|
|
55
|
-
ATLASSIAN_TEAM_HEADER_HOST
|
|
56
|
-
]
|
|
57
|
-
stg: [
|
|
58
|
-
`https://${ATLASSIAN_AVATAR_HOST['stg']}`,
|
|
59
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST['stg']}/`,
|
|
60
|
-
ATLASSIAN_API_GATEWAY_HOST['stg'],
|
|
61
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST['stg'],
|
|
62
|
-
ATLASSIAN_EMOJIS_HOST['stg'],
|
|
63
|
-
ATLASSIAN_TEAM_AVATAR_HOST['stg'],
|
|
64
|
-
ATLASSIAN_TEAM_HEADER_HOST['stg']
|
|
65
|
-
],
|
|
66
|
-
prod: [
|
|
67
|
-
`https://${ATLASSIAN_AVATAR_HOST['prod']}`,
|
|
68
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST['prod']}/`,
|
|
69
|
-
ATLASSIAN_API_GATEWAY_HOST['prod'],
|
|
70
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST['prod'],
|
|
71
|
-
ATLASSIAN_EMOJIS_HOST['prod'],
|
|
72
|
-
ATLASSIAN_TEAM_AVATAR_HOST['prod'],
|
|
73
|
-
ATLASSIAN_TEAM_HEADER_HOST['prod']
|
|
74
|
-
],
|
|
75
|
-
'fedramp-stg': [
|
|
76
|
-
`https://${ATLASSIAN_AVATAR_HOST['fedramp-stg']}`,
|
|
77
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-stg']}/`,
|
|
78
|
-
ATLASSIAN_API_GATEWAY_HOST['fedramp-stg'],
|
|
79
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-stg'],
|
|
80
|
-
ATLASSIAN_EMOJIS_HOST['fedramp-stg'],
|
|
81
|
-
ATLASSIAN_TEAM_AVATAR_HOST['fedramp-stg'],
|
|
82
|
-
ATLASSIAN_TEAM_HEADER_HOST['fedramp-stg']
|
|
83
|
-
],
|
|
84
|
-
'fedramp-prod': [
|
|
85
|
-
`https://${ATLASSIAN_AVATAR_HOST['fedramp-prod']}`,
|
|
86
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-prod']}/`,
|
|
87
|
-
ATLASSIAN_API_GATEWAY_HOST['fedramp-prod'],
|
|
88
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-prod'],
|
|
89
|
-
ATLASSIAN_EMOJIS_HOST['fedramp-prod'],
|
|
90
|
-
ATLASSIAN_TEAM_AVATAR_HOST['fedramp-prod'],
|
|
91
|
-
ATLASSIAN_TEAM_HEADER_HOST['fedramp-prod']
|
|
92
|
-
]
|
|
74
|
+
const getAtlassianImageHost = (microsEnv, icOptions) => {
|
|
75
|
+
return [
|
|
76
|
+
`https://${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}`,
|
|
77
|
+
`https://*.wp.com/${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}/`,
|
|
78
|
+
getAtlassianHost('ATLASSIAN_API_GATEWAY_HOST', microsEnv, icOptions),
|
|
79
|
+
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
|
|
80
|
+
getAtlassianHost('ATLASSIAN_EMOJIS_HOST', microsEnv, icOptions),
|
|
81
|
+
getAtlassianHost('ATLASSIAN_TEAM_AVATAR_HOST', microsEnv, icOptions),
|
|
82
|
+
getAtlassianHost('ATLASSIAN_TEAM_HEADER_HOST', microsEnv, icOptions)
|
|
83
|
+
];
|
|
93
84
|
};
|
|
85
|
+
exports.getAtlassianImageHost = getAtlassianImageHost;
|
|
94
86
|
exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
|
|
95
87
|
class CSPInjectionService {
|
|
96
|
-
getCSPReportUri(microsEnv) {
|
|
88
|
+
getCSPReportUri(microsEnv, icOptions) {
|
|
89
|
+
const serviceName = isICEnvKey(microsEnv) && icOptions ? icOptions.serviceName : 'forge-cdn';
|
|
97
90
|
if (microsEnv === 'dev' || microsEnv === 'stg')
|
|
98
|
-
return
|
|
99
|
-
return
|
|
91
|
+
return `https://web-security-reports.stg.services.atlassian.com/csp-report/${serviceName}`;
|
|
92
|
+
return `https://web-security-reports.services.atlassian.com/csp-report/${serviceName}`;
|
|
100
93
|
}
|
|
101
|
-
getForgeGlobalCSP(microsEnv, isFedRAMP = false) {
|
|
94
|
+
getForgeGlobalCSP(microsEnv, isFedRAMP = false, icOptions) {
|
|
95
|
+
if (isICEnvKey(microsEnv) && icOptions) {
|
|
96
|
+
return `https://forge.forge-cdn.${getICDomain(microsEnv, icOptions.icLabel)}`;
|
|
97
|
+
}
|
|
102
98
|
return isFedRAMP
|
|
103
99
|
? `https://forge.cdn.${microsEnv.split('-')[1]}.atlassian-dev-us-gov-mod.net`
|
|
104
100
|
: `https://forge.cdn.${microsEnv}.atlassian-dev.net`;
|
|
105
101
|
}
|
|
102
|
+
getMetalClientCSP(microsEnv, icOptions) {
|
|
103
|
+
if (isICEnvKey(microsEnv) && icOptions) {
|
|
104
|
+
return `https://api.${getICDomain(microsEnv, icOptions.icLabel)}/metal/ingest`;
|
|
105
|
+
}
|
|
106
|
+
return `https://api.${microsEnv === 'prod' ? '' : 'stg.'}atlassian.com/metal/ingest`;
|
|
107
|
+
}
|
|
106
108
|
getExistingCSPDetails(cspType, cspDetails) {
|
|
107
109
|
return cspDetails[cspType] ?? [];
|
|
108
110
|
}
|
|
109
|
-
getConnectSrc(microsEnv, isTunnelling) {
|
|
111
|
+
getConnectSrc(microsEnv, isTunnelling, icOptions) {
|
|
110
112
|
const allowed = [];
|
|
111
113
|
if (isTunnelling) {
|
|
112
114
|
allowed.push(...['ws://localhost:*', 'http://localhost:*']);
|
|
113
115
|
}
|
|
114
|
-
|
|
115
|
-
allowed.push(
|
|
116
|
-
allowed.push(
|
|
116
|
+
const metalClientCSP = this.getMetalClientCSP(microsEnv, icOptions);
|
|
117
|
+
allowed.push(metalClientCSP);
|
|
118
|
+
allowed.push(`${getAtlassianHost('ATLASSIAN_API_GATEWAY_HOST', microsEnv, icOptions)}/gateway/api/emoji/`);
|
|
119
|
+
allowed.push(getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions));
|
|
117
120
|
return allowed;
|
|
118
121
|
}
|
|
119
|
-
getFrameAncestors(microsEnv, hostname) {
|
|
122
|
+
getFrameAncestors(microsEnv, hostname, icOptions) {
|
|
120
123
|
let frameAncestors = [];
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
124
|
+
switch (microsEnv) {
|
|
125
|
+
case 'dev':
|
|
126
|
+
case 'stg':
|
|
127
|
+
frameAncestors = [
|
|
128
|
+
'*.jira-dev.com',
|
|
129
|
+
'http://localhost:*',
|
|
130
|
+
'http://devbucket.localhost',
|
|
131
|
+
'https://integration.bb-inf.net',
|
|
132
|
+
'*.atl-paas.net',
|
|
133
|
+
'*.stg.atlassian.com'
|
|
134
|
+
];
|
|
135
|
+
break;
|
|
136
|
+
case 'fedramp-stg':
|
|
137
|
+
frameAncestors = ['*.atlassian-stg-fedm.net'];
|
|
138
|
+
break;
|
|
139
|
+
case 'fedramp-prod':
|
|
140
|
+
frameAncestors = ['*.atlassian-us-gov-mod.net'];
|
|
141
|
+
break;
|
|
142
|
+
case 'ic-stg':
|
|
143
|
+
case 'ic-prod':
|
|
144
|
+
if (icOptions) {
|
|
145
|
+
frameAncestors = [`*.${getICDomain(microsEnv, icOptions.icLabel)}`];
|
|
146
|
+
}
|
|
147
|
+
break;
|
|
148
|
+
case 'prod':
|
|
149
|
+
default:
|
|
150
|
+
frameAncestors = [
|
|
151
|
+
'*.atlassian.net',
|
|
152
|
+
'bitbucket.org',
|
|
153
|
+
'*.jira.com',
|
|
154
|
+
'*.atlassian.com',
|
|
155
|
+
'*.frontend.public.atl-paas.net'
|
|
156
|
+
];
|
|
157
|
+
break;
|
|
145
158
|
}
|
|
146
159
|
if (hostname) {
|
|
147
160
|
frameAncestors.push(hostname);
|
|
148
161
|
}
|
|
149
162
|
return frameAncestors;
|
|
150
163
|
}
|
|
151
|
-
getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP }) => {
|
|
152
|
-
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv);
|
|
164
|
+
getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }) => {
|
|
165
|
+
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
|
|
153
166
|
const defaultSrc = `'self'`;
|
|
154
|
-
const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname)].join(' ');
|
|
167
|
+
const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname, icOptions)].join(' ');
|
|
155
168
|
const frameSrc = ["'self'", hostname, ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)]
|
|
156
169
|
.filter((a) => a)
|
|
157
170
|
.join(' ');
|
|
@@ -162,7 +175,7 @@ class CSPInjectionService {
|
|
|
162
175
|
'blob:',
|
|
163
176
|
hostname,
|
|
164
177
|
...exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
|
|
165
|
-
...exports.
|
|
178
|
+
...(0, exports.getAtlassianImageHost)(microsEnv, icOptions),
|
|
166
179
|
...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
|
|
167
180
|
]
|
|
168
181
|
.filter((a) => a)
|
|
@@ -172,24 +185,24 @@ class CSPInjectionService {
|
|
|
172
185
|
'data:',
|
|
173
186
|
'blob:',
|
|
174
187
|
hostname,
|
|
175
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST
|
|
188
|
+
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
|
|
176
189
|
...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails)
|
|
177
190
|
]
|
|
178
191
|
.filter((a) => a)
|
|
179
192
|
.join(' ');
|
|
180
193
|
const connectSrc = [
|
|
181
194
|
"'self'",
|
|
182
|
-
...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri),
|
|
195
|
+
...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri, icOptions),
|
|
183
196
|
...this.getExistingCSPDetails(types_1.ExternalCspType.CONNECT_SRC, existingCSPDetails)
|
|
184
197
|
].join(' ');
|
|
185
198
|
const scriptSrc = [
|
|
186
199
|
"'self'",
|
|
187
|
-
this.getForgeGlobalCSP(microsEnv, isFedRAMP),
|
|
200
|
+
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
|
|
188
201
|
...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
|
|
189
202
|
].join(' ');
|
|
190
203
|
const styleSrc = [
|
|
191
204
|
"'self'",
|
|
192
|
-
this.getForgeGlobalCSP(microsEnv, isFedRAMP),
|
|
205
|
+
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
|
|
193
206
|
...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)
|
|
194
207
|
].join(' ');
|
|
195
208
|
return [
|
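Review bot: `icLabel` and `serviceName` are interpolated unvalidated into every CSP source the new code builds — `getICDomain` feeds script-src, connect-src, img-src, media-src and the `*.${getICDomain(...)}` entry in `getFrameAncestors`, and `serviceName` lands in the report-uri path in `getCSPReportUri` — so a label containing whitespace, `;` or `*` would widen the emitted policy rather than fail; where `IcOptions` originates is not visible here, so this is worth confirming and guarding at the boundary. The absence check is also uneven: `getAtlassianHost` throws `Missing IC label`, while `getForgeGlobalCSP` and `getMetalClientCSP` silently fall back to the non-IC `atlassian-dev.net`/`atlassian.com` hosts and `getFrameAncestors` to an empty list when `icOptions` is undefined in an IC env (the call as a whole still throws through `getAtlassianImageHost`, but only after the helpers have disagreed). Validating once at the top of `getInjectableCSP` keeps every helper on the same failure mode, as sketched below; this file is compiled output, so the change belongs in `src/csp/csp-injection-service.ts` named by the map. The hard-coded `'ic-stg'`/`'ic-prod'` entries in `ATLASSIAN_AVATAR_HOST` that point at the shared public `atl-paas.net` hosts rather than an IC domain would also benefit from a one-line comment explaining why avatars are not isolated.
```javascript
// Constructed example: the label becomes part of a DNS name in every CSP directive,
// so only accept a single DNS label (no whitespace, ';' or '*' can reach the policy).
const IC_LABEL_PATTERN = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;
const SERVICE_NAME_PATTERN = /^[a-z0-9._-]+$/i;
const assertIcOptions = (microsEnv, icOptions) => {
    if (!isICEnvKey(microsEnv)) {
        return;
    }
    if (!icOptions || !IC_LABEL_PATTERN.test(icOptions.icLabel) || !SERVICE_NAME_PATTERN.test(icOptions.serviceName)) {
        throw new Error('Missing or invalid IC options');
    }
};
// … unchanged: ATLASSIAN_HOST, getAtlassianHost, getAtlassianImageHost, class helper methods …
    getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }) => {
        assertIcOptions(microsEnv, icOptions);
        const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
```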
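--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@forge/csp",
-"version": "4.
+"version": "4.2.0-experimental-959d7b9",
 "description": "Contains the CSP configuration for Custom UI resources in Forge",
 "main": "out/index.js",
 "author": "Atlassian",
@@ -11,8 +11,8 @@
 "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
 },
 "devDependencies": {
-"@forge/cli-shared": "8.
-"@forge/manifest": "10.
+"@forge/cli-shared": "8.2.0",
+"@forge/manifest": "10.2.0",
 "@types/jest": "^29.5.14",
 "@types/node": "20.19.1"
 },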