@forge/csp 5.1.2-next.0 → 5.2.0-next.2
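--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @forge/csp
 
+## 5.2.0-next.2
+
+### Patch Changes
+
+- 6864e48: Adding FOS to img-src and script-src CSP
+
+## 5.2.0-next.1
+
+### Minor Changes
+
+- 5403345: Adding FOS to connect-src CSP
+
 ## 5.1.2-next.0
 
 ### Patch Changes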
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsI1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAUjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA6BrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAoEV;CACH"}
|
|
@@ -73,6 +73,14 @@ const ATLASSIAN_HOST = {
|
|
|
73
73
|
'fedramp-stg': '',
|
|
74
74
|
'fedramp-prod': '',
|
|
75
75
|
...makeICHosts((env, icOptions) => '')
|
|
76
|
+
},
|
|
77
|
+
ATLASSIAN_FOS_HOST: {
|
|
78
|
+
dev: 'https://tdp-os.dev.services.atlassian.com',
|
|
79
|
+
stg: 'https://tdp-os.stg.services.atlassian.com',
|
|
80
|
+
prod: 'https://tdp-os.services.atlassian.com',
|
|
81
|
+
'fedramp-stg': 'https://tdp-os.stg.services.atlassian-us-gov-mod.com',
|
|
82
|
+
'fedramp-prod': 'https://tdp-os.services.atlassian-us-gov-mod.com',
|
|
83
|
+
...makeICHosts((env, icOptions) => `https://tdp-os.services.${getICDomain(env, icOptions)}`)
|
|
76
84
|
}
|
|
77
85
|
};
|
|
78
86
|
const getAtlassianHost = (hostType, microsEnv, icOptions) => {
|
|
@@ -85,6 +93,17 @@ const getAtlassianHost = (hostType, microsEnv, icOptions) => {
|
|
|
85
93
|
}
|
|
86
94
|
return hostMap[microsEnv];
|
|
87
95
|
};
|
|
96
|
+
const getFOSHost = (microsEnv, icOptions) => {
|
|
97
|
+
const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
|
|
98
|
+
return [
|
|
99
|
+
`${fosHost}/fos-eap/upload/*/`,
|
|
100
|
+
`${fosHost}/fos-eap/download/*/`,
|
|
101
|
+
`${fosHost}/fop/app/upload/*/`,
|
|
102
|
+
`${fosHost}/fop/app/download/*/`,
|
|
103
|
+
`${fosHost}/fop/cdn/upload/*/`,
|
|
104
|
+
`${fosHost}/fop/cdn/download/*/`
|
|
105
|
+
];
|
|
106
|
+
};
|
|
88
107
|
const getAtlassianImageHost = (microsEnv, icOptions) => {
|
|
89
108
|
return [
|
|
90
109
|
`https://${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}`,
|
|
@@ -115,6 +134,7 @@ class CSPInjectionService {
|
|
|
115
134
|
hostname,
|
|
116
135
|
...exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
|
|
117
136
|
...(0, exports.getAtlassianImageHost)(microsEnv, icOptions),
|
|
137
|
+
...getFOSHost(microsEnv, icOptions),
|
|
118
138
|
...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
|
|
119
139
|
]
|
|
120
140
|
.filter((a) => a)
|
|
@@ -137,6 +157,7 @@ class CSPInjectionService {
|
|
|
137
157
|
const scriptSrc = [
|
|
138
158
|
"'self'",
|
|
139
159
|
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
|
|
160
|
+
...getFOSHost(microsEnv, icOptions),
|
|
140
161
|
...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
|
|
141
162
|
].join(' ');
|
|
142
163
|
const styleSrc = [
|
|
@@ -200,6 +221,7 @@ class CSPInjectionService {
|
|
|
200
221
|
if (fopGeHost) {
|
|
201
222
|
allowed.push(fopGeHost);
|
|
202
223
|
}
|
|
224
|
+
allowed.push(...getFOSHost(microsEnv, icOptions));
|
|
203
225
|
return allowed;
|
|
204
226
|
}
|
|
205
227
|
getFrameAncestors(microsEnv, hostname, icOptions) {
|
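Review bot: The `*` in the entries `getFOSHost` returns (for example `${fosHost}/fos-eap/upload/*/`) is not a wildcard in a CSP source expression: `*` is only special in the host and port, and path segments are compared literally, so as written these sources only match a path segment that is literally `*`. If the intent is any object id, the narrowest thing CSP can express is the directory prefix, e.g. `${fosHost}/fos-eap/download/`, and that prefix is ignored once a request has been redirected. The list is also spread unchanged into `scriptSrc` (whose enclosing method starts outside the hunk), so once the paths do match, anything served from the upload and download paths of this host can run as script in the Custom UI frame; if it stores app- or user-supplied objects, I would keep the upload paths to `connect-src` and give `script-src` only the path that serves reviewed bundles. A short comment above `getFOSHost` saying what the host serves and why each directive needs it would make that reviewable.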
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@forge/csp",
|
|
3
|
-
"version": "5.
|
|
3
|
+
"version": "5.2.0-next.2",
|
|
4
4
|
"description": "Contains the CSP configuration for Custom UI resources in Forge",
|
|
5
5
|
"main": "out/index.js",
|
|
6
6
|
"author": "Atlassian",
|
|
@@ -11,8 +11,8 @@
|
|
|
11
11
|
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
14
|
-
"@forge/cli-shared": "8.8.1-next.
|
|
15
|
-
"@forge/manifest": "10.
|
|
14
|
+
"@forge/cli-shared": "8.8.1-next.1",
|
|
15
|
+
"@forge/manifest": "10.8.0-next.1",
|
|
16
16
|
"@types/jest": "^29.5.14",
|
|
17
17
|
"@types/node": "20.19.1",
|
|
18
18
|
"cheerio": "^1.1.0"
|