@forge/csp 5.2.0-next.1 → 5.2.0-next.3

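--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @forge/csp
 
+## 5.2.0-next.3
+
+### Patch Changes
+
+- f45e95a: Adding FOS to font-src and style-src CSP
+
+## 5.2.0-next.2
+
+### Patch Changes
+
+- 6864e48: Adding FOS to img-src and script-src CSP
+
 ## 5.2.0-next.1
 
 ### Minor Changes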
@@ -1 +1 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA0H1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAUjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAsCrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAkEV;CACH"}
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsI1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAUjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA6BrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAyEV;CACH"}
@@ -93,6 +93,17 @@ const getAtlassianHost = (hostType, microsEnv, icOptions) => {
93
93
  }
94
94
  return hostMap[microsEnv];
95
95
  };
96
+ const getFOSHost = (microsEnv, icOptions) => {
97
+ const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
98
+ return [
99
+ `${fosHost}/fos-eap/upload/*/`,
100
+ `${fosHost}/fos-eap/download/*/`,
101
+ `${fosHost}/fop/app/upload/*/`,
102
+ `${fosHost}/fop/app/download/*/`,
103
+ `${fosHost}/fop/cdn/upload/*/`,
104
+ `${fosHost}/fop/cdn/download/*/`
105
+ ];
106
+ };
96
107
  const getAtlassianImageHost = (microsEnv, icOptions) => {
97
108
  return [
98
109
  `https://${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}`,
@@ -115,7 +126,11 @@ class CSPInjectionService {
115
126
  const frameSrc = ["'self'", hostname, ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)]
116
127
  .filter((a) => a)
117
128
  .join(' ');
118
- const fontSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)].join(' ');
129
+ const fontSrc = [
130
+ "'self'",
131
+ ...getFOSHost(microsEnv, icOptions),
132
+ ...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)
133
+ ].join(' ');
119
134
  const imgSrc = [
120
135
  "'self'",
121
136
  'data:',
@@ -123,6 +138,7 @@ class CSPInjectionService {
123
138
  hostname,
124
139
  ...exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
125
140
  ...(0, exports.getAtlassianImageHost)(microsEnv, icOptions),
141
+ ...getFOSHost(microsEnv, icOptions),
126
142
  ...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
127
143
  ]
128
144
  .filter((a) => a)
@@ -145,12 +161,14 @@ class CSPInjectionService {
145
161
  const scriptSrc = [
146
162
  "'self'",
147
163
  this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
164
+ ...getFOSHost(microsEnv, icOptions),
148
165
  ...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
149
166
  ].join(' ');
150
167
  const styleSrc = [
151
168
  "'self'",
152
169
  hostname,
153
170
  this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
171
+ ...getFOSHost(microsEnv, icOptions),
154
172
  ...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)
155
173
  ]
156
174
  .filter((a) => a)
@@ -208,15 +226,7 @@ class CSPInjectionService {
208
226
  if (fopGeHost) {
209
227
  allowed.push(fopGeHost);
210
228
  }
211
- const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
212
- if (fosHost) {
213
- allowed.push(`${fosHost}/fos-eap/upload/*/`);
214
- allowed.push(`${fosHost}/fos-eap/download/*/`);
215
- allowed.push(`${fosHost}/fop/app/upload/*/`);
216
- allowed.push(`${fosHost}/fop/app/download/*/`);
217
- allowed.push(`${fosHost}/fop/cdn/upload/*/`);
218
- allowed.push(`${fosHost}/fop/cdn/download/*/`);
219
- }
229
+ allowed.push(...getFOSHost(microsEnv, icOptions));
220
230
  return allowed;
221
231
  }
222
232
  getFrameAncestors(microsEnv, hostname, icOptions) {
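Review bot: `getFOSHost` in the first hunk drops the `if (fosHost)` guard that the removed block in the last hunk had, so whenever `getAtlassianHost` yields nothing (its visible tail is `return hostMap[microsEnv];`) the helper returns six entries of the form `undefined/fos-eap/upload/*/`. Those are non-empty strings, so the `.filter((a) => a)` calls on `imgSrc` and `styleSrc` keep them, and `fontSrc` and `scriptSrc` are joined with no filter at all; the guard should be restored inside the helper with `if (!fosHost) return [];` ahead of the `return [`. Separately, the same list is now spread into `scriptSrc`: if the upload/download paths can serve app- or user-supplied files, that widens what may execute as script, so a comment stating why script loading from FOS is needed would help reviewers. As far as I can tell, path scoping in a CSP source is not enforced after a redirect and `*` is a wildcard only in the host part, so the `/*/` segments may not restrict what they appear to; worth confirming against how the policy is consumed. The `CSPInjectionService` methods touched here start and end outside the visible hunks.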
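--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@forge/csp",
-"version": "5.2.0-next.1",
+"version": "5.2.0-next.3",
 "description": "Contains the CSP configuration for Custom UI resources in Forge",
 "main": "out/index.js",
 "author": "Atlassian",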