@forge/csp 5.2.0 → 5.3.0-experimental-b3c33d6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +33 -0
  2. package/out/csp/csp-injection-service.d.ts.map +1 -1
  3. package/out/csp/csp-injection-service.js +4 -2
  4. package/package.json +3 -3
package/CHANGELOG.md CHANGED
@@ -1,5 +1,38 @@
1
1
  # @forge/csp
2
2
 
3
+ ## 5.3.0
4
+
5
+ ### Minor Changes
6
+
7
+ - ee02b2c: Fix OS CSP
8
+ - 8cac1e4: Add Media host domain to frame-src CSP
9
+ - debdb02: Fix OS CSP
10
+ - 428a2be: Add forge global csp to connect-src
11
+
12
+ ## 5.3.0-next.3
13
+
14
+ ### Minor Changes
15
+
16
+ - 428a2be: Add forge global csp to connect-src
17
+
18
+ ## 5.3.0-next.2
19
+
20
+ ### Minor Changes
21
+
22
+ - 8cac1e4: Add Media host domain to frame-src CSP
23
+
24
+ ## 5.3.0-next.1
25
+
26
+ ### Minor Changes
27
+
28
+ - ee02b2c: Fix OS CSP
29
+
30
+ ## 5.3.0-next.0
31
+
32
+ ### Minor Changes
33
+
34
+ - debdb02: Fix OS CSP
35
+
3
36
  ## 5.2.0
4
37
 
5
38
  ### Minor Changes
package/out/csp/csp-injection-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAoI1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA8BrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAkFV;CACH"}
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAwI1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA+BrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAoFV;CACH"}
package/out/csp/csp-injection-service.js CHANGED
@@ -95,11 +95,11 @@ const getAtlassianHost = (hostType, microsEnv, icOptions) => {
95
95
  };
96
96
  const getFOSHostDownload = (microsEnv, icOptions) => {
97
97
  const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
98
- return [`${fosHost}/fos-eap/download/*/`, `${fosHost}/fop/app/download/*/`, `${fosHost}/fop/cdn/download/*/`];
98
+ return [`${fosHost}/fos-eap/download/`, `${fosHost}/fop/app/download/`, `${fosHost}/fop/cdn/download/`];
99
99
  };
100
100
  const getFOSHostUpload = (microsEnv, icOptions) => {
101
101
  const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
102
- return [`${fosHost}/fos-eap/upload/*/`, `${fosHost}/fop/app/upload/*/`, `${fosHost}/fop/cdn/upload/*/`];
102
+ return [`${fosHost}/fos-eap/upload/`, `${fosHost}/fop/app/upload/`, `${fosHost}/fop/cdn/upload/`];
103
103
  };
104
104
  const getAtlassianImageHost = (microsEnv, icOptions) => {
105
105
  return [
@@ -128,6 +128,7 @@ class CSPInjectionService {
128
128
  const frameSrc = [
129
129
  "'self'",
130
130
  hostname,
131
+ getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
131
132
  ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails),
132
133
  ...getFOSHostDownload(microsEnv, icOptions)
133
134
  ]
@@ -163,6 +164,7 @@ class CSPInjectionService {
163
164
  const connectSrc = [
164
165
  "'self'",
165
166
  ...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri, icOptions),
167
+ this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
166
168
  ...this.getExistingCSPDetails(types_1.ExternalCspType.CONNECT_SRC, existingCSPDetails)
167
169
  ].join(' ');
168
170
  const scriptSrc = [
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/csp",
3
- "version": "5.2.0",
3
+ "version": "5.3.0-experimental-b3c33d6",
4
4
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
5
5
  "main": "out/index.js",
6
6
  "author": "Atlassian",
@@ -11,8 +11,8 @@
11
11
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
12
12
  },
13
13
  "devDependencies": {
14
- "@forge/cli-shared": "8.8.1",
15
- "@forge/manifest": "10.8.0",
14
+ "@forge/cli-shared": "8.9.1-next.1-experimental-b3c33d6",
15
+ "@forge/manifest": "11.0.1-next.0-experimental-b3c33d6",
16
16
  "@types/jest": "^29.5.14",
17
17
  "@types/node": "20.19.1",
18
18
  "cheerio": "^1.1.0"