@forge/csp 5.5.0-next.1 → 5.6.0-experimental-0c74a4b

package/CHANGELOG.md

@@ -1,5 +1,51 @@
 # @forge/csp
 
+## 5.6.0
+
+### Minor Changes
+
+- 83b3eac: Use public analytics URL
+
+### Patch Changes
+
+- f995494: Fix CSP for emoji service by updating host URL structure
+- 6077876: Fix analytics domains
+- a91d2de: update content-security-policy-parser to version 0.6.0
+
+## 5.6.0-next.3
+
+### Patch Changes
+
+- a91d2de: update content-security-policy-parser to version 0.6.0
+
+## 5.6.0-next.2
+
+### Patch Changes
+
+- f995494: Fix CSP for emoji service by updating host URL structure
+
+## 5.6.0-next.1
+
+### Patch Changes
+
+- 6077876: Fix analytics domains
+
+## 5.6.0-next.0
+
+### Minor Changes
+
+- 83b3eac: Use public analytics URL
+
+## 5.5.0
+
+### Minor Changes
+
+- cd25766: Add gasv3 analytics domains
+
+### Patch Changes
+
+- ddc6274: Add localhost to frameAncestors in prod when passed in appContext
+
 ## 5.5.0-next.1
 
 ### Patch Changes

package/out/csp/csp-injection-service.js

@@ -34,12 +34,12 @@ const ATLASSIAN_HOST = {
         ...makeICHosts((env, icOptions) => `https://media-api.${getICDomain(env, icOptions)}`)
     },
     ATLASSIAN_ANALYTICS_GATEWAY_HOST: {
-        dev: 'https://as-internal.dev.atl-paas.net',
-        stg: 'https://as-internal.stg.atl-paas.net',
-        prod: 'https://as-internal.prod.atl-paas.net',
-        'fedramp-stg': 'https://as-internal.stg.atlassian-us-gov-mod.com',
-        'fedramp-prod': 'https://as-internal.atlassian-us-gov-mod.com',
-        ...makeICHosts((env, icOptions) => `https://as-internal.${getICDomain(env, icOptions)}`)
+        dev: 'https://as.dev.atl-paas.net',
+        stg: 'https://as.staging.atl-paas.net',
+        prod: 'https://as.atlassian.com',
+        'fedramp-stg': 'https://as.stg.atlassian-us-gov-mod.com',
+        'fedramp-prod': 'https://as.atlassian-us-gov-mod.com',
+        ...makeICHosts((env, icOptions) => `https://as.${getICDomain(env, icOptions)}`)
     },
     ATLASSIAN_AVATAR_HOST: {
         dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
@@ -72,7 +72,7 @@ const ATLASSIAN_HOST = {
         prod: 'https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net',
         'fedramp-stg': 'https://pf-emoji-service--cdn.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
         'fedramp-prod': 'https://pf-emoji-service--cdn.us-east-1.prod.cdn.atlassian-us-gov-mod.com',
-        ...makeICHosts((env, icOptions) => `https://pf-emoji-service.${getICDomain(env, icOptions)}`)
+        ...makeICHosts((env, icOptions) => `https://pf-emoji-service.services.${getICDomain(env, icOptions)}`)
     },
     ATLASSIAN_FOP_GE_HOST: {
         dev: 'https://forge-outbound-proxy.dev.services.atlassian.com',

package/out/csp/csp-processing-service.js

@@ -140,7 +140,7 @@ class CSPProcessingService {
             this.logger.info('discarding potentially-malicious CSP');
             return {};
         }
-        return (0, content_security_policy_parser_1.default)(cspContent);
+        return Object.fromEntries((0, content_security_policy_parser_1.default)(cspContent));
     }
 }
 exports.CSPProcessingService = CSPProcessingService;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forge/csp",
-  "version": "5.5.0-next.1",
+  "version": "5.6.0-experimental-0c74a4b",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
   "main": "out/index.js",
   "author": "Atlassian",
@@ -11,14 +11,14 @@
     "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
   },
   "devDependencies": {
-    "@forge/cli-shared": "8.11.0-next.4",
-    "@forge/manifest": "11.2.0-next.2",
+    "@forge/cli-shared": "8.12.1-next.1-experimental-0c74a4b",
+    "@forge/manifest": "11.3.1-next.1-experimental-0c74a4b",
     "@types/jest": "^29.5.14",
     "@types/node": "20.19.1",
     "cheerio": "^1.1.0"
   },
   "dependencies": {
-    "content-security-policy-parser": "^0.5.0"
+    "content-security-policy-parser": "^0.6.0"
   },
   "peerDependencies": {
     "cheerio": "^1.1.0"