@forge/csp 5.6.0 → 5.6.1-experimental-919607a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/LICENSE.txt +1 -1
  3. package/out/csp/csp-injection-service.d.ts.map +1 -1
  4. package/out/csp/csp-injection-service.js +5 -2
  5. package/package.json +3 -3
package/CHANGELOG.md CHANGED
@@ -1,5 +1,24 @@
1
1
  # @forge/csp
2
2
 
3
+ ## 5.6.1
4
+
5
+ ### Patch Changes
6
+
7
+ - 5a73009: Add hostname to connect-src CSP directive
8
+ - a147579: Add http to localhost url for embedded macro when parent is tunneling
9
+
10
+ ## 5.6.1-next.1
11
+
12
+ ### Patch Changes
13
+
14
+ - 5a73009: Add hostname to connect-src CSP directive
15
+
16
+ ## 5.6.1-next.0
17
+
18
+ ### Patch Changes
19
+
20
+ - a147579: Add http to localhost url for embedded macro when parent is tunneling
21
+
3
22
  ## 5.6.0
4
23
 
5
24
  ### Minor Changes
package/LICENSE.txt CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2025 Atlassian
1
+ Copyright (c) 2026 Atlassian
2
2
  Permission is hereby granted to use this software in accordance with the terms
3
3
  and conditions outlined in the Atlassian Developer Terms, which can be found
4
4
  at the following URL:
package/out/csp/csp-injection-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAwFV;CACH"}
package/out/csp/csp-injection-service.js CHANGED
@@ -175,10 +175,13 @@ class CSPInjectionService {
175
175
  .join(' ');
176
176
  const connectSrc = [
177
177
  "'self'",
178
+ hostname,
178
179
  ...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri, icOptions),
179
180
  this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
180
181
  ...this.getExistingCSPDetails(types_1.ExternalCspType.CONNECT_SRC, existingCSPDetails)
181
- ].join(' ');
182
+ ]
183
+ .filter((a) => a)
184
+ .join(' ');
182
185
  const scriptSrc = [
183
186
  "'self'",
184
187
  this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
@@ -293,7 +296,7 @@ class CSPInjectionService {
293
296
  ];
294
297
  if (macroParentHost) {
295
298
  if (localhostWithPortRegex.test(macroParentHost)) {
296
- frameAncestors.push(macroParentHost);
299
+ frameAncestors.push(`http://${macroParentHost}`);
297
300
  }
298
301
  else {
299
302
  frameAncestors.push(`${macroParentHost}.cdn.prod.atlassian-dev.net`);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/csp",
3
- "version": "5.6.0",
3
+ "version": "5.6.1-experimental-919607a",
4
4
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
5
5
  "main": "out/index.js",
6
6
  "author": "Atlassian",
@@ -11,8 +11,8 @@
11
11
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
12
12
  },
13
13
  "devDependencies": {
14
- "@forge/cli-shared": "8.12.0",
15
- "@forge/manifest": "11.3.0",
14
+ "@forge/cli-shared": "8.15.0-next.1-experimental-919607a",
15
+ "@forge/manifest": "11.4.0-next.1-experimental-919607a",
16
16
  "@types/jest": "^29.5.14",
17
17
  "@types/node": "20.19.1",
18
18
  "cheerio": "^1.1.0"