@forge/csp 5.5.0-next.0 → 5.5.0-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/out/csp/csp-injection-service.d.ts +2 -2
  3. package/out/csp/csp-injection-service.d.ts.map +1 -1
  4. package/out/csp/csp-injection-service.js +13 -7
  5. package/package.json +3 -3
package/CHANGELOG.md CHANGED
@@ -1,5 +1,11 @@
1
1
  # @forge/csp
2
2
 
3
+ ## 5.5.0-next.1
4
+
5
+ ### Patch Changes
6
+
7
+ - ddc6274: Add localhost to frameAncestors in prod when passed in appContext
8
+
3
9
  ## 5.5.0-next.0
4
10
 
5
11
  ### Minor Changes
package/out/csp/csp-injection-service.d.ts CHANGED
@@ -18,14 +18,14 @@ export declare class CSPInjectionService {
18
18
  private getExistingCSPDetails;
19
19
  private getConnectSrc;
20
20
  private getFrameAncestors;
21
- getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHostDomain }: {
21
+ getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }: {
22
22
  existingCSPDetails: CSPDetails;
23
23
  microsEnv: LambdaEnvironment;
24
24
  tunnelCSPReporterUri?: string | undefined;
25
25
  hostname?: string | undefined;
26
26
  isFedRAMP?: boolean | undefined;
27
27
  icOptions?: IcOptions | undefined;
28
- macroParentHostDomain?: string | undefined;
28
+ macroParentHost?: string | undefined;
29
29
  }) => string[];
30
30
  }
31
31
  export {};
package/out/csp/csp-injection-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IA4DlB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}
package/out/csp/csp-injection-service.js CHANGED
@@ -129,12 +129,12 @@ exports.getAtlassianImageHost = getAtlassianImageHost;
129
129
  exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
130
130
  class CSPInjectionService {
131
131
  constructor() {
132
- this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHostDomain }) => {
132
+ this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }) => {
133
133
  const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
134
134
  const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
135
135
  const frameAncestors = [
136
136
  "'self'",
137
- ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHostDomain),
137
+ ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost),
138
138
  ...getFOSHostDownload(microsEnv, icOptions)
139
139
  ].join(' ');
140
140
  const frameSrc = [
@@ -252,8 +252,9 @@ class CSPInjectionService {
252
252
  allowed.push(...getFOSHostUpload(microsEnv, icOptions));
253
253
  return allowed;
254
254
  }
255
- getFrameAncestors(microsEnv, hostname, icOptions, macroParentHostDomain) {
255
+ getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost) {
256
256
  let frameAncestors = [];
257
+ const localhostWithPortRegex = /^localhost:\d+$/;
257
258
  switch (microsEnv) {
258
259
  case 'dev':
259
260
  case 'stg':
@@ -265,8 +266,8 @@ class CSPInjectionService {
265
266
  '*.atl-paas.net',
266
267
  '*.stg.atlassian.com'
267
268
  ];
268
- if (macroParentHostDomain) {
269
- frameAncestors.push(`${macroParentHostDomain}.cdn.stg.atlassian-dev.net`);
269
+ if (macroParentHost && !localhostWithPortRegex.test(macroParentHost)) {
270
+ frameAncestors.push(`${macroParentHost}.cdn.stg.atlassian-dev.net`);
270
271
  }
271
272
  break;
272
273
  case 'fedramp-stg':
@@ -290,8 +291,13 @@ class CSPInjectionService {
290
291
  '*.atlassian.com',
291
292
  '*.frontend.public.atl-paas.net'
292
293
  ];
293
- if (macroParentHostDomain) {
294
- frameAncestors.push(`${macroParentHostDomain}.cdn.prod.atlassian-dev.net`);
294
+ if (macroParentHost) {
295
+ if (localhostWithPortRegex.test(macroParentHost)) {
296
+ frameAncestors.push(macroParentHost);
297
+ }
298
+ else {
299
+ frameAncestors.push(`${macroParentHost}.cdn.prod.atlassian-dev.net`);
300
+ }
295
301
  }
296
302
  break;
297
303
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/csp",
3
- "version": "5.5.0-next.0",
3
+ "version": "5.5.0-next.1",
4
4
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
5
5
  "main": "out/index.js",
6
6
  "author": "Atlassian",
@@ -11,8 +11,8 @@
11
11
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
12
12
  },
13
13
  "devDependencies": {
14
- "@forge/cli-shared": "8.11.0-next.3",
15
- "@forge/manifest": "11.1.1-next.1",
14
+ "@forge/cli-shared": "8.11.0-next.4",
15
+ "@forge/manifest": "11.2.0-next.2",
16
16
  "@types/jest": "^29.5.14",
17
17
  "@types/node": "20.19.1",
18
18
  "cheerio": "^1.1.0"