@forge/csp 5.2.0-next.3 → 5.2.0-next.5
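--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @forge/csp
 
+## 5.2.0-next.5
+
+### Patch Changes
+
+- 15a3a17: Add FOS download paths to frame-src, frame-ancestors and media-src
+
+## 5.2.0-next.4
+
+### Patch Changes
+
+- bafc49d: add fos hosts to getAtlassianImageHost
+
 ## 5.2.0-next.3
 
 ### Patch Changes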
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAoI1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA8BrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAkFV;CACH"}
|
|
@@ -93,16 +93,13 @@ const getAtlassianHost = (hostType, microsEnv, icOptions) => {
|
|
|
93
93
|
}
|
|
94
94
|
return hostMap[microsEnv];
|
|
95
95
|
};
|
|
96
|
-
const
|
|
96
|
+
const getFOSHostDownload = (microsEnv, icOptions) => {
|
|
97
97
|
const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
|
|
98
|
-
return [
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
`${fosHost}/fop/cdn/upload/*/`,
|
|
104
|
-
`${fosHost}/fop/cdn/download/*/`
|
|
105
|
-
];
|
|
98
|
+
return [`${fosHost}/fos-eap/download/*/`, `${fosHost}/fop/app/download/*/`, `${fosHost}/fop/cdn/download/*/`];
|
|
99
|
+
};
|
|
100
|
+
const getFOSHostUpload = (microsEnv, icOptions) => {
|
|
101
|
+
const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
|
|
102
|
+
return [`${fosHost}/fos-eap/upload/*/`, `${fosHost}/fop/app/upload/*/`, `${fosHost}/fop/cdn/upload/*/`];
|
|
106
103
|
};
|
|
107
104
|
const getAtlassianImageHost = (microsEnv, icOptions) => {
|
|
108
105
|
return [
|
|
@@ -112,7 +109,8 @@ const getAtlassianImageHost = (microsEnv, icOptions) => {
|
|
|
112
109
|
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
|
|
113
110
|
getAtlassianHost('ATLASSIAN_EMOJIS_HOST', microsEnv, icOptions),
|
|
114
111
|
getAtlassianHost('ATLASSIAN_TEAM_AVATAR_HOST', microsEnv, icOptions),
|
|
115
|
-
getAtlassianHost('ATLASSIAN_TEAM_HEADER_HOST', microsEnv, icOptions)
|
|
112
|
+
getAtlassianHost('ATLASSIAN_TEAM_HEADER_HOST', microsEnv, icOptions),
|
|
113
|
+
...getFOSHostDownload(microsEnv, icOptions)
|
|
116
114
|
];
|
|
117
115
|
};
|
|
118
116
|
exports.getAtlassianImageHost = getAtlassianImageHost;
|
|
@@ -121,14 +119,23 @@ class CSPInjectionService {
|
|
|
121
119
|
constructor() {
|
|
122
120
|
this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }) => {
|
|
123
121
|
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
|
|
124
|
-
const defaultSrc =
|
|
125
|
-
const frameAncestors = [
|
|
126
|
-
|
|
122
|
+
const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
|
|
123
|
+
const frameAncestors = [
|
|
124
|
+
"'self'",
|
|
125
|
+
...this.getFrameAncestors(microsEnv, hostname, icOptions),
|
|
126
|
+
...getFOSHostDownload(microsEnv, icOptions)
|
|
127
|
+
].join(' ');
|
|
128
|
+
const frameSrc = [
|
|
129
|
+
"'self'",
|
|
130
|
+
hostname,
|
|
131
|
+
...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails),
|
|
132
|
+
...getFOSHostDownload(microsEnv, icOptions)
|
|
133
|
+
]
|
|
127
134
|
.filter((a) => a)
|
|
128
135
|
.join(' ');
|
|
129
136
|
const fontSrc = [
|
|
130
137
|
"'self'",
|
|
131
|
-
...
|
|
138
|
+
...getFOSHostDownload(microsEnv, icOptions),
|
|
132
139
|
...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)
|
|
133
140
|
].join(' ');
|
|
134
141
|
const imgSrc = [
|
|
@@ -138,7 +145,6 @@ class CSPInjectionService {
|
|
|
138
145
|
hostname,
|
|
139
146
|
...exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
|
|
140
147
|
...(0, exports.getAtlassianImageHost)(microsEnv, icOptions),
|
|
141
|
-
...getFOSHost(microsEnv, icOptions),
|
|
142
148
|
...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
|
|
143
149
|
]
|
|
144
150
|
.filter((a) => a)
|
|
@@ -149,7 +155,8 @@ class CSPInjectionService {
|
|
|
149
155
|
'blob:',
|
|
150
156
|
hostname,
|
|
151
157
|
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
|
|
152
|
-
...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails)
|
|
158
|
+
...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails),
|
|
159
|
+
...getFOSHostDownload(microsEnv, icOptions)
|
|
153
160
|
]
|
|
154
161
|
.filter((a) => a)
|
|
155
162
|
.join(' ');
|
|
@@ -161,14 +168,14 @@ class CSPInjectionService {
|
|
|
161
168
|
const scriptSrc = [
|
|
162
169
|
"'self'",
|
|
163
170
|
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
|
|
164
|
-
...
|
|
171
|
+
...getFOSHostDownload(microsEnv, icOptions),
|
|
165
172
|
...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
|
|
166
173
|
].join(' ');
|
|
167
174
|
const styleSrc = [
|
|
168
175
|
"'self'",
|
|
169
176
|
hostname,
|
|
170
177
|
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
|
|
171
|
-
...
|
|
178
|
+
...getFOSHostDownload(microsEnv, icOptions),
|
|
172
179
|
...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)
|
|
173
180
|
]
|
|
174
181
|
.filter((a) => a)
|
|
@@ -226,7 +233,8 @@ class CSPInjectionService {
|
|
|
226
233
|
if (fopGeHost) {
|
|
227
234
|
allowed.push(fopGeHost);
|
|
228
235
|
}
|
|
229
|
-
allowed.push(...
|
|
236
|
+
allowed.push(...getFOSHostDownload(microsEnv, icOptions));
|
|
237
|
+
allowed.push(...getFOSHostUpload(microsEnv, icOptions));
|
|
230
238
|
return allowed;
|
|
231
239
|
}
|
|
232
240
|
getFrameAncestors(microsEnv, hostname, icOptions) {
|
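Review bot: The sources built in `getFOSHostDownload` and `getFOSHostUpload` (new lines 96–102) put `*` in the path, e.g. `${fosHost}/fos-eap/download/*/`, but CSP treats `*` as a wildcard only in the host and port; path segments are compared literally, so unless something downstream rewrites these values a browser would match only a directory actually named `*`. The same list is spread into `frameAncestors` (new line 126), which is matched against the embedding document's origin, so a source that carries a path is not expected to match there at all. If the intent is "anything under the download prefix", a trailing-slash prefix such as `${fosHost}/fos-eap/download/` expresses that, and `frame-ancestors` would take the bare `fosHost`. Path restrictions are also dropped after a redirect, so the `scriptSrc` and `defaultSrc` entries can end up trusting the whole FOS origin; a test that checks the emitted header against a real download URL would confirm what is actually allowed.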
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@forge/csp",
|
|
3
|
-
"version": "5.2.0-next.
|
|
3
|
+
"version": "5.2.0-next.5",
|
|
4
4
|
"description": "Contains the CSP configuration for Custom UI resources in Forge",
|
|
5
5
|
"main": "out/index.js",
|
|
6
6
|
"author": "Atlassian",
|
|
@@ -11,8 +11,8 @@
|
|
|
11
11
|
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
14
|
-
"@forge/cli-shared": "8.8.1-next.
|
|
15
|
-
"@forge/manifest": "10.8.0-next.
|
|
14
|
+
"@forge/cli-shared": "8.8.1-next.5",
|
|
15
|
+
"@forge/manifest": "10.8.0-next.5",
|
|
16
16
|
"@types/jest": "^29.5.14",
|
|
17
17
|
"@types/node": "20.19.1",
|
|
18
18
|
"cheerio": "^1.1.0"
|