@forge/csp 5.4.0-next.0 → 5.4.0-next.1-experimental-4bd2ca0

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @forge/csp
 
+## 5.4.0-next.1-experimental-4bd2ca0
+
+### Minor Changes
+
+- 901ffb2: Correct FOS CSP
+
+### Patch Changes
+
+- 6a0cb5e: Add macroParentHostDomain.cdn.[env].atlassian-dev.net conditionally to frameAncestors
+
+## 5.4.0-next.1
+
+### Patch Changes
+
+- 6a0cb5e: Add macroParentHostDomain.cdn.[env].atlassian-dev.net conditionally to frameAncestors
+
 ## 5.4.0-next.0
 
 ### Minor Changes

package/out/csp/csp-injection-service.d.ts

@@ -18,13 +18,14 @@ export declare class CSPInjectionService {
     private getExistingCSPDetails;
     private getConnectSrc;
     private getFrameAncestors;
-    getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }: {
+    getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHostDomain }: {
         existingCSPDetails: CSPDetails;
         microsEnv: LambdaEnvironment;
         tunnelCSPReporterUri?: string | undefined;
         hostname?: string | undefined;
         isFedRAMP?: boolean | undefined;
         icOptions?: IcOptions | undefined;
+        macroParentHostDomain?: string | undefined;
     }) => string[];
 }
 export {};

package/out/csp/csp-injection-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA8I1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA+BrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAoFV;CACH"}
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA8I1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA+BrB,OAAO,CAAC,iBAAiB;IA4DlB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}

package/out/csp/csp-injection-service.js

@@ -121,12 +121,12 @@ exports.getAtlassianImageHost = getAtlassianImageHost;
 exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
 class CSPInjectionService {
     constructor() {
-        this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }) => {
+        this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHostDomain }) => {
             const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
             const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
             const frameAncestors = [
                 "'self'",
-                ...this.getFrameAncestors(microsEnv, hostname, icOptions),
+                ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHostDomain),
                 ...getFOSHostDownload(microsEnv, icOptions)
             ].join(' ');
             const frameSrc = [
@@ -243,7 +243,7 @@ class CSPInjectionService {
         allowed.push(...getFOSHostUpload(microsEnv, icOptions));
         return allowed;
     }
-    getFrameAncestors(microsEnv, hostname, icOptions) {
+    getFrameAncestors(microsEnv, hostname, icOptions, macroParentHostDomain) {
         let frameAncestors = [];
         switch (microsEnv) {
             case 'dev':
@@ -256,6 +256,9 @@ class CSPInjectionService {
                     '*.atl-paas.net',
                     '*.stg.atlassian.com'
                 ];
+                if (macroParentHostDomain) {
+                    frameAncestors.push(`${macroParentHostDomain}.cdn.stg.atlassian-dev.net`);
+                }
                 break;
             case 'fedramp-stg':
                 frameAncestors = ['*.atlassian-stg-fedm.net'];
@@ -278,6 +281,9 @@ class CSPInjectionService {
                     '*.atlassian.com',
                     '*.frontend.public.atl-paas.net'
                 ];
+                if (macroParentHostDomain) {
+                    frameAncestors.push(`${macroParentHostDomain}.cdn.prod.atlassian-dev.net`);
+                }
                 break;
         }
         if (hostname) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forge/csp",
-  "version": "5.4.0-next.0",
+  "version": "5.4.0-next.1-experimental-4bd2ca0",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
   "main": "out/index.js",
   "author": "Atlassian",
@@ -11,8 +11,8 @@
     "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
   },
   "devDependencies": {
-    "@forge/cli-shared": "8.9.1-next.2",
-    "@forge/manifest": "11.1.0-next.1",
+    "@forge/cli-shared": "8.9.1-next.10-experimental-4bd2ca0",
+    "@forge/manifest": "11.1.0-next.6-experimental-4bd2ca0",
     "@types/jest": "^29.5.14",
     "@types/node": "20.19.1",
     "cheerio": "^1.1.0"