@forge/csp 4.1.0 → 4.2.0-experimental-959d7b9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,23 @@
|
|
|
1
1
|
# @forge/csp
|
|
2
2
|
|
|
3
|
+
## 4.2.0-experimental-959d7b9
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- aebd633: Patch @forge/csp IC frame ancestors csp bug
|
|
8
|
+
|
|
9
|
+
## 4.2.0
|
|
10
|
+
|
|
11
|
+
### Minor Changes
|
|
12
|
+
|
|
13
|
+
- cfde21e: Add CSP Urls for IC environment
|
|
14
|
+
|
|
15
|
+
## 4.2.0-next.0
|
|
16
|
+
|
|
17
|
+
### Minor Changes
|
|
18
|
+
|
|
19
|
+
- cfde21e: Add CSP Urls for IC environment
|
|
20
|
+
|
|
3
21
|
## 4.1.0
|
|
4
22
|
|
|
5
23
|
### Minor Changes
|
|
@@ -1,21 +1,26 @@
|
|
|
1
1
|
import type { LambdaEnvironment } from '@forge/cli-shared';
|
|
2
2
|
import { CSPDetails } from '../types';
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
declare type IcOptions = {
|
|
4
|
+
icLabel: string;
|
|
5
|
+
serviceName: string;
|
|
5
6
|
};
|
|
7
|
+
export declare const getAtlassianImageHost: (microsEnv: LambdaEnvironment, icOptions?: IcOptions) => string[];
|
|
6
8
|
export declare const EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS: string[];
|
|
7
9
|
export declare class CSPInjectionService {
|
|
8
10
|
private getCSPReportUri;
|
|
9
11
|
private getForgeGlobalCSP;
|
|
12
|
+
private getMetalClientCSP;
|
|
10
13
|
private getExistingCSPDetails;
|
|
11
14
|
private getConnectSrc;
|
|
12
15
|
private getFrameAncestors;
|
|
13
|
-
getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP }: {
|
|
16
|
+
getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }: {
|
|
14
17
|
existingCSPDetails: CSPDetails;
|
|
15
18
|
microsEnv: LambdaEnvironment;
|
|
16
19
|
tunnelCSPReporterUri?: string | undefined;
|
|
17
20
|
hostname?: string | undefined;
|
|
18
21
|
isFedRAMP?: boolean | undefined;
|
|
22
|
+
icOptions?: IcOptions | undefined;
|
|
19
23
|
}) => string[];
|
|
20
24
|
}
|
|
25
|
+
export {};
|
|
21
26
|
//# sourceMappingURL=csp-injection-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,SAAS,GAAG;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAiGF,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAUjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAqBrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CA8DV;CACH"}
|
|
@@ -1,157 +1,170 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.CSPInjectionService = exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = exports.
|
|
3
|
+
exports.CSPInjectionService = exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = exports.getAtlassianImageHost = void 0;
|
|
4
4
|
const types_1 = require("../types");
|
|
5
|
-
const
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
};
|
|
12
|
-
const ATLASSIAN_MEDIA_GATEWAY_HOST = {
|
|
13
|
-
dev: 'https://media.dev.atl-paas.net',
|
|
14
|
-
stg: 'https://media.staging.atl-paas.net',
|
|
15
|
-
prod: 'https://api.media.atlassian.com',
|
|
16
|
-
'fedramp-stg': 'https://api-media.stg.atlassian-us-gov-mod.com',
|
|
17
|
-
'fedramp-prod': 'https://api-media.atlassian-us-gov-mod.com'
|
|
18
|
-
};
|
|
19
|
-
const ATLASSIAN_AVATAR_HOST = {
|
|
20
|
-
dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
21
|
-
stg: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
22
|
-
prod: 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net',
|
|
23
|
-
'fedramp-stg': 'avatar-management--avatars.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
|
|
24
|
-
'fedramp-prod': 'avatar-management--avatars.us-east-1.prod.cdn.atlassian-us-gov-mod.com'
|
|
25
|
-
};
|
|
26
|
-
const ATLASSIAN_TEAM_HEADER_HOST = {
|
|
27
|
-
dev: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
|
|
28
|
-
stg: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
|
|
29
|
-
prod: 'https://ptc-directory-sited-static.us-east-1.prod.public.atl-paas.net/gradients/',
|
|
30
|
-
'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
31
|
-
'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/'
|
|
5
|
+
const isICEnvKey = (env) => env === 'ic-prod' || env === 'ic-stg';
|
|
6
|
+
const getICDomain = (env, icLabel) => `${icLabel}.${env === 'ic-prod' ? 'atlassian-isolated.net' : 'oasis-stg.com'}`;
|
|
7
|
+
const makeICHosts = (targetHostFunction) => {
|
|
8
|
+
return {
|
|
9
|
+
'ic-stg': (icOptions) => targetHostFunction('ic-stg', icOptions),
|
|
10
|
+
'ic-prod': (icOptions) => targetHostFunction('ic-prod', icOptions)
|
|
11
|
+
};
|
|
32
12
|
};
|
|
33
|
-
const
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
13
|
+
const ATLASSIAN_HOST = {
|
|
14
|
+
ATLASSIAN_API_GATEWAY_HOST: {
|
|
15
|
+
dev: 'https://api.dev.atlassian.com',
|
|
16
|
+
stg: 'https://api.stg.atlassian.com',
|
|
17
|
+
prod: 'https://api.atlassian.com',
|
|
18
|
+
'fedramp-stg': 'https://api.stg.atlassian-us-gov-mod.com',
|
|
19
|
+
'fedramp-prod': 'https://api.atlassian-us-gov-mod.com',
|
|
20
|
+
...makeICHosts((env, { icLabel }) => `https://api.${getICDomain(env, icLabel)}`)
|
|
21
|
+
},
|
|
22
|
+
ATLASSIAN_MEDIA_GATEWAY_HOST: {
|
|
23
|
+
dev: 'https://media.dev.atl-paas.net',
|
|
24
|
+
stg: 'https://media.staging.atl-paas.net',
|
|
25
|
+
prod: 'https://api.media.atlassian.com',
|
|
26
|
+
'fedramp-stg': 'https://api-media.stg.atlassian-us-gov-mod.com',
|
|
27
|
+
'fedramp-prod': 'https://api-media.atlassian-us-gov-mod.com',
|
|
28
|
+
...makeICHosts((env, { icLabel }) => `https://media-api.${getICDomain(env, icLabel)}`)
|
|
29
|
+
},
|
|
30
|
+
ATLASSIAN_AVATAR_HOST: {
|
|
31
|
+
dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
32
|
+
stg: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
33
|
+
prod: 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net',
|
|
34
|
+
'fedramp-stg': 'avatar-management--avatars.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
|
|
35
|
+
'fedramp-prod': 'avatar-management--avatars.us-east-1.prod.cdn.atlassian-us-gov-mod.com',
|
|
36
|
+
'ic-stg': (_icOptions) => 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
|
|
37
|
+
'ic-prod': (_icOptions) => 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net'
|
|
38
|
+
},
|
|
39
|
+
ATLASSIAN_TEAM_HEADER_HOST: {
|
|
40
|
+
dev: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
|
|
41
|
+
stg: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
|
|
42
|
+
prod: 'https://ptc-directory-sited-static.us-east-1.prod.public.atl-paas.net/gradients/',
|
|
43
|
+
'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
44
|
+
'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
45
|
+
...makeICHosts((env, { icLabel }) => `https://teams-directory-frontend.services.${getICDomain(env, icLabel)}/bfa/`)
|
|
46
|
+
},
|
|
47
|
+
ATLASSIAN_TEAM_AVATAR_HOST: {
|
|
48
|
+
dev: 'https://teams-directory-frontend.stg-east.frontend.public.atl-paas.net/assets/',
|
|
49
|
+
stg: 'https://teams-directory-frontend.stg-east.frontend.public.atl-paas.net/assets/',
|
|
50
|
+
prod: 'https://teams-directory-frontend.prod-east.frontend.public.atl-paas.net/assets/',
|
|
51
|
+
'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
52
|
+
'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
|
|
53
|
+
...makeICHosts((env, { icLabel }) => `https://teams-directory-frontend.services.${getICDomain(env, icLabel)}/bfa/`)
|
|
54
|
+
},
|
|
55
|
+
ATLASSIAN_EMOJIS_HOST: {
|
|
56
|
+
dev: 'https://pf-emoji-service--cdn.ap-southeast-2.dev.public.atl-paas.net',
|
|
57
|
+
stg: 'https://pf-emoji-service--cdn.us-east-1.staging.public.atl-paas.net',
|
|
58
|
+
prod: 'https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net',
|
|
59
|
+
'fedramp-stg': 'https://pf-emoji-service--cdn.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
|
|
60
|
+
'fedramp-prod': 'https://pf-emoji-service--cdn.us-east-1.prod.cdn.atlassian-us-gov-mod.com',
|
|
61
|
+
...makeICHosts((env, { icLabel }) => `https://pf-emoji-service.${getICDomain(env, icLabel)}`)
|
|
62
|
+
}
|
|
39
63
|
};
|
|
40
|
-
const
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
64
|
+
const getAtlassianHost = (hostType, microsEnv, icOptions) => {
|
|
65
|
+
const hostMap = ATLASSIAN_HOST[hostType];
|
|
66
|
+
if (isICEnvKey(microsEnv)) {
|
|
67
|
+
if (!icOptions) {
|
|
68
|
+
throw new Error('Missing IC label');
|
|
69
|
+
}
|
|
70
|
+
return hostMap[microsEnv](icOptions);
|
|
71
|
+
}
|
|
72
|
+
return hostMap[microsEnv];
|
|
46
73
|
};
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
`https://${ATLASSIAN_AVATAR_HOST
|
|
50
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST
|
|
51
|
-
ATLASSIAN_API_GATEWAY_HOST
|
|
52
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST
|
|
53
|
-
ATLASSIAN_EMOJIS_HOST
|
|
54
|
-
ATLASSIAN_TEAM_AVATAR_HOST
|
|
55
|
-
ATLASSIAN_TEAM_HEADER_HOST
|
|
56
|
-
]
|
|
57
|
-
stg: [
|
|
58
|
-
`https://${ATLASSIAN_AVATAR_HOST['stg']}`,
|
|
59
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST['stg']}/`,
|
|
60
|
-
ATLASSIAN_API_GATEWAY_HOST['stg'],
|
|
61
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST['stg'],
|
|
62
|
-
ATLASSIAN_EMOJIS_HOST['stg'],
|
|
63
|
-
ATLASSIAN_TEAM_AVATAR_HOST['stg'],
|
|
64
|
-
ATLASSIAN_TEAM_HEADER_HOST['stg']
|
|
65
|
-
],
|
|
66
|
-
prod: [
|
|
67
|
-
`https://${ATLASSIAN_AVATAR_HOST['prod']}`,
|
|
68
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST['prod']}/`,
|
|
69
|
-
ATLASSIAN_API_GATEWAY_HOST['prod'],
|
|
70
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST['prod'],
|
|
71
|
-
ATLASSIAN_EMOJIS_HOST['prod'],
|
|
72
|
-
ATLASSIAN_TEAM_AVATAR_HOST['prod'],
|
|
73
|
-
ATLASSIAN_TEAM_HEADER_HOST['prod']
|
|
74
|
-
],
|
|
75
|
-
'fedramp-stg': [
|
|
76
|
-
`https://${ATLASSIAN_AVATAR_HOST['fedramp-stg']}`,
|
|
77
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-stg']}/`,
|
|
78
|
-
ATLASSIAN_API_GATEWAY_HOST['fedramp-stg'],
|
|
79
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-stg'],
|
|
80
|
-
ATLASSIAN_EMOJIS_HOST['fedramp-stg'],
|
|
81
|
-
ATLASSIAN_TEAM_AVATAR_HOST['fedramp-stg'],
|
|
82
|
-
ATLASSIAN_TEAM_HEADER_HOST['fedramp-stg']
|
|
83
|
-
],
|
|
84
|
-
'fedramp-prod': [
|
|
85
|
-
`https://${ATLASSIAN_AVATAR_HOST['fedramp-prod']}`,
|
|
86
|
-
`https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-prod']}/`,
|
|
87
|
-
ATLASSIAN_API_GATEWAY_HOST['fedramp-prod'],
|
|
88
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-prod'],
|
|
89
|
-
ATLASSIAN_EMOJIS_HOST['fedramp-prod'],
|
|
90
|
-
ATLASSIAN_TEAM_AVATAR_HOST['fedramp-prod'],
|
|
91
|
-
ATLASSIAN_TEAM_HEADER_HOST['fedramp-prod']
|
|
92
|
-
]
|
|
74
|
+
const getAtlassianImageHost = (microsEnv, icOptions) => {
|
|
75
|
+
return [
|
|
76
|
+
`https://${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}`,
|
|
77
|
+
`https://*.wp.com/${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}/`,
|
|
78
|
+
getAtlassianHost('ATLASSIAN_API_GATEWAY_HOST', microsEnv, icOptions),
|
|
79
|
+
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
|
|
80
|
+
getAtlassianHost('ATLASSIAN_EMOJIS_HOST', microsEnv, icOptions),
|
|
81
|
+
getAtlassianHost('ATLASSIAN_TEAM_AVATAR_HOST', microsEnv, icOptions),
|
|
82
|
+
getAtlassianHost('ATLASSIAN_TEAM_HEADER_HOST', microsEnv, icOptions)
|
|
83
|
+
];
|
|
93
84
|
};
|
|
85
|
+
exports.getAtlassianImageHost = getAtlassianImageHost;
|
|
94
86
|
exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
|
|
95
87
|
class CSPInjectionService {
|
|
96
|
-
getCSPReportUri(microsEnv) {
|
|
88
|
+
getCSPReportUri(microsEnv, icOptions) {
|
|
89
|
+
const serviceName = isICEnvKey(microsEnv) && icOptions ? icOptions.serviceName : 'forge-cdn';
|
|
97
90
|
if (microsEnv === 'dev' || microsEnv === 'stg')
|
|
98
|
-
return
|
|
99
|
-
return
|
|
91
|
+
return `https://web-security-reports.stg.services.atlassian.com/csp-report/${serviceName}`;
|
|
92
|
+
return `https://web-security-reports.services.atlassian.com/csp-report/${serviceName}`;
|
|
100
93
|
}
|
|
101
|
-
getForgeGlobalCSP(microsEnv, isFedRAMP = false) {
|
|
94
|
+
getForgeGlobalCSP(microsEnv, isFedRAMP = false, icOptions) {
|
|
95
|
+
if (isICEnvKey(microsEnv) && icOptions) {
|
|
96
|
+
return `https://forge.forge-cdn.${getICDomain(microsEnv, icOptions.icLabel)}`;
|
|
97
|
+
}
|
|
102
98
|
return isFedRAMP
|
|
103
99
|
? `https://forge.cdn.${microsEnv.split('-')[1]}.atlassian-dev-us-gov-mod.net`
|
|
104
100
|
: `https://forge.cdn.${microsEnv}.atlassian-dev.net`;
|
|
105
101
|
}
|
|
102
|
+
getMetalClientCSP(microsEnv, icOptions) {
|
|
103
|
+
if (isICEnvKey(microsEnv) && icOptions) {
|
|
104
|
+
return `https://api.${getICDomain(microsEnv, icOptions.icLabel)}/metal/ingest`;
|
|
105
|
+
}
|
|
106
|
+
return `https://api.${microsEnv === 'prod' ? '' : 'stg.'}atlassian.com/metal/ingest`;
|
|
107
|
+
}
|
|
106
108
|
getExistingCSPDetails(cspType, cspDetails) {
|
|
107
109
|
return cspDetails[cspType] ?? [];
|
|
108
110
|
}
|
|
109
|
-
getConnectSrc(microsEnv, isTunnelling) {
|
|
111
|
+
getConnectSrc(microsEnv, isTunnelling, icOptions) {
|
|
110
112
|
const allowed = [];
|
|
111
113
|
if (isTunnelling) {
|
|
112
114
|
allowed.push(...['ws://localhost:*', 'http://localhost:*']);
|
|
113
115
|
}
|
|
114
|
-
|
|
115
|
-
allowed.push(
|
|
116
|
-
allowed.push(
|
|
116
|
+
const metalClientCSP = this.getMetalClientCSP(microsEnv, icOptions);
|
|
117
|
+
allowed.push(metalClientCSP);
|
|
118
|
+
allowed.push(`${getAtlassianHost('ATLASSIAN_API_GATEWAY_HOST', microsEnv, icOptions)}/gateway/api/emoji/`);
|
|
119
|
+
allowed.push(getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions));
|
|
117
120
|
return allowed;
|
|
118
121
|
}
|
|
119
|
-
getFrameAncestors(microsEnv, hostname) {
|
|
122
|
+
getFrameAncestors(microsEnv, hostname, icOptions) {
|
|
120
123
|
let frameAncestors = [];
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
124
|
+
switch (microsEnv) {
|
|
125
|
+
case 'dev':
|
|
126
|
+
case 'stg':
|
|
127
|
+
frameAncestors = [
|
|
128
|
+
'*.jira-dev.com',
|
|
129
|
+
'http://localhost:*',
|
|
130
|
+
'http://devbucket.localhost',
|
|
131
|
+
'https://integration.bb-inf.net',
|
|
132
|
+
'*.atl-paas.net',
|
|
133
|
+
'*.stg.atlassian.com'
|
|
134
|
+
];
|
|
135
|
+
break;
|
|
136
|
+
case 'fedramp-stg':
|
|
137
|
+
frameAncestors = ['*.atlassian-stg-fedm.net'];
|
|
138
|
+
break;
|
|
139
|
+
case 'fedramp-prod':
|
|
140
|
+
frameAncestors = ['*.atlassian-us-gov-mod.net'];
|
|
141
|
+
break;
|
|
142
|
+
case 'ic-stg':
|
|
143
|
+
case 'ic-prod':
|
|
144
|
+
if (icOptions) {
|
|
145
|
+
frameAncestors = [`*.${getICDomain(microsEnv, icOptions.icLabel)}`];
|
|
146
|
+
}
|
|
147
|
+
break;
|
|
148
|
+
case 'prod':
|
|
149
|
+
default:
|
|
150
|
+
frameAncestors = [
|
|
151
|
+
'*.atlassian.net',
|
|
152
|
+
'bitbucket.org',
|
|
153
|
+
'*.jira.com',
|
|
154
|
+
'*.atlassian.com',
|
|
155
|
+
'*.frontend.public.atl-paas.net'
|
|
156
|
+
];
|
|
157
|
+
break;
|
|
145
158
|
}
|
|
146
159
|
if (hostname) {
|
|
147
160
|
frameAncestors.push(hostname);
|
|
148
161
|
}
|
|
149
162
|
return frameAncestors;
|
|
150
163
|
}
|
|
151
|
-
getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP }) => {
|
|
152
|
-
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv);
|
|
164
|
+
getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }) => {
|
|
165
|
+
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
|
|
153
166
|
const defaultSrc = `'self'`;
|
|
154
|
-
const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname)].join(' ');
|
|
167
|
+
const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname, icOptions)].join(' ');
|
|
155
168
|
const frameSrc = ["'self'", hostname, ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)]
|
|
156
169
|
.filter((a) => a)
|
|
157
170
|
.join(' ');
|
|
@@ -162,7 +175,7 @@ class CSPInjectionService {
|
|
|
162
175
|
'blob:',
|
|
163
176
|
hostname,
|
|
164
177
|
...exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
|
|
165
|
-
...exports.
|
|
178
|
+
...(0, exports.getAtlassianImageHost)(microsEnv, icOptions),
|
|
166
179
|
...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
|
|
167
180
|
]
|
|
168
181
|
.filter((a) => a)
|
|
@@ -172,24 +185,24 @@ class CSPInjectionService {
|
|
|
172
185
|
'data:',
|
|
173
186
|
'blob:',
|
|
174
187
|
hostname,
|
|
175
|
-
ATLASSIAN_MEDIA_GATEWAY_HOST
|
|
188
|
+
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
|
|
176
189
|
...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails)
|
|
177
190
|
]
|
|
178
191
|
.filter((a) => a)
|
|
179
192
|
.join(' ');
|
|
180
193
|
const connectSrc = [
|
|
181
194
|
"'self'",
|
|
182
|
-
...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri),
|
|
195
|
+
...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri, icOptions),
|
|
183
196
|
...this.getExistingCSPDetails(types_1.ExternalCspType.CONNECT_SRC, existingCSPDetails)
|
|
184
197
|
].join(' ');
|
|
185
198
|
const scriptSrc = [
|
|
186
199
|
"'self'",
|
|
187
|
-
this.getForgeGlobalCSP(microsEnv, isFedRAMP),
|
|
200
|
+
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
|
|
188
201
|
...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
|
|
189
202
|
].join(' ');
|
|
190
203
|
const styleSrc = [
|
|
191
204
|
"'self'",
|
|
192
|
-
this.getForgeGlobalCSP(microsEnv, isFedRAMP),
|
|
205
|
+
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
|
|
193
206
|
...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)
|
|
194
207
|
].join(' ');
|
|
195
208
|
return [
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@forge/csp",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.2.0-experimental-959d7b9",
|
|
4
4
|
"description": "Contains the CSP configuration for Custom UI resources in Forge",
|
|
5
5
|
"main": "out/index.js",
|
|
6
6
|
"author": "Atlassian",
|
|
@@ -11,8 +11,8 @@
|
|
|
11
11
|
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
14
|
-
"@forge/cli-shared": "8.
|
|
15
|
-
"@forge/manifest": "10.
|
|
14
|
+
"@forge/cli-shared": "8.2.0",
|
|
15
|
+
"@forge/manifest": "10.2.0",
|
|
16
16
|
"@types/jest": "^29.5.14",
|
|
17
17
|
"@types/node": "20.19.1"
|
|
18
18
|
},
|