@forge/csp 5.6.1-next.1 → 5.7.0-experimental-a6c6519

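--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,24 @@
  # @forge/csp
 
+ ## 5.7.0
+
+ ### Minor Changes
+
+ - 4af6ca2: Added new Forge Object Store CDN URLs
+
+ ## 5.7.0-next.0
+
+ ### Minor Changes
+
+ - 4af6ca2: Added new Forge Object Store CDN URLs
+
+ ## 5.6.1
+
+ ### Patch Changes
+
+ - 5a73009: Add hostname to connect-src CSP directive
+ - a147579: Add http to localhost url for embedded macro when parent is tunneling
+
  ## 5.6.1-next.1
 
  ### Patch Changes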
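--- a/package/LICENSE.txt
+++ b/package/LICENSE.txt
@@ -1,4 +1,4 @@
- Copyright (c) 2025 Atlassian
+ Copyright (c) 2026 Atlassian
  Permission is hereby granted to use this software in accordance with the terms
  and conditions outlined in the Atlassian Developer Terms, which can be found
  at the following URL: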
@@ -1 +1 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAwFV;CACH"}
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA8K1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAmCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAgGV;CACH"}
@@ -101,6 +101,19 @@ const getAtlassianHost = (hostType, microsEnv, icOptions) => {
101
101
  }
102
102
  return hostMap[microsEnv];
103
103
  };
104
+ const FOS_CDN_STANDARD_HOST = {
105
+ dev: 'https://object-store.stg.atlassian.com',
106
+ stg: 'https://object-store.stg.atlassian.com',
107
+ prod: 'https://object-store.atlassian.com'
108
+ };
109
+ const FOS_CDN_IC_HOST = makeICHosts((env, icOptions) => `https://object-store.${getICDomain(env, icOptions)}`);
110
+ const FOS_CDN_PATH = '/os/ecosystem/installation/';
111
+ const getFOSCDNHost = (microsEnv, icOptions) => {
112
+ if (isICEnvKey(microsEnv)) {
113
+ return icOptions ? FOS_CDN_IC_HOST[microsEnv](icOptions) : undefined;
114
+ }
115
+ return FOS_CDN_STANDARD_HOST[microsEnv];
116
+ };
104
117
  const getFOSHostDownload = (microsEnv, icOptions) => {
105
118
  const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
106
119
  return isICEnvKey(microsEnv)
@@ -113,6 +126,10 @@ const getFOSHostUpload = (microsEnv, icOptions) => {
113
126
  ? [`${fosHost}/fos/app/upload/`, `${fosHost}/fos/cdn/upload/`]
114
127
  : [`${fosHost}/fos-eap/upload/`, `${fosHost}/fos/app/upload/`, `${fosHost}/fos/cdn/upload/`];
115
128
  };
129
+ const getFOSCDNUrls = (microsEnv, icOptions) => {
130
+ const fosCDNHost = getFOSCDNHost(microsEnv, icOptions);
131
+ return fosCDNHost ? [`${fosCDNHost}${FOS_CDN_PATH}`] : [];
132
+ };
116
133
  const getAtlassianImageHost = (microsEnv, icOptions) => {
117
134
  return [
118
135
  `https://${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}`,
@@ -131,24 +148,28 @@ class CSPInjectionService {
131
148
  constructor() {
132
149
  this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }) => {
133
150
  const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
134
- const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
151
+ const fosCDNUrls = getFOSCDNUrls(microsEnv, icOptions);
152
+ const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions), ...fosCDNUrls].join(' ');
135
153
  const frameAncestors = [
136
154
  "'self'",
137
155
  ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost),
138
- ...getFOSHostDownload(microsEnv, icOptions)
156
+ ...getFOSHostDownload(microsEnv, icOptions),
157
+ ...fosCDNUrls
139
158
  ].join(' ');
140
159
  const frameSrc = [
141
160
  "'self'",
142
161
  hostname,
143
162
  getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
144
163
  ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails),
145
- ...getFOSHostDownload(microsEnv, icOptions)
164
+ ...getFOSHostDownload(microsEnv, icOptions),
165
+ ...fosCDNUrls
146
166
  ]
147
167
  .filter((a) => a)
148
168
  .join(' ');
149
169
  const fontSrc = [
150
170
  "'self'",
151
171
  ...getFOSHostDownload(microsEnv, icOptions),
172
+ ...fosCDNUrls,
152
173
  ...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)
153
174
  ].join(' ');
154
175
  const imgSrc = [
@@ -158,6 +179,7 @@ class CSPInjectionService {
158
179
  hostname,
159
180
  ...exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
160
181
  ...(0, exports.getAtlassianImageHost)(microsEnv, icOptions),
182
+ ...fosCDNUrls,
161
183
  ...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
162
184
  ]
163
185
  .filter((a) => a)
@@ -169,7 +191,8 @@ class CSPInjectionService {
169
191
  hostname,
170
192
  getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
171
193
  ...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails),
172
- ...getFOSHostDownload(microsEnv, icOptions)
194
+ ...getFOSHostDownload(microsEnv, icOptions),
195
+ ...fosCDNUrls
173
196
  ]
174
197
  .filter((a) => a)
175
198
  .join(' ');
@@ -186,6 +209,7 @@ class CSPInjectionService {
186
209
  "'self'",
187
210
  this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
188
211
  ...getFOSHostDownload(microsEnv, icOptions),
212
+ ...fosCDNUrls,
189
213
  ...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
190
214
  ].join(' ');
191
215
  const styleSrc = [
@@ -193,6 +217,7 @@ class CSPInjectionService {
193
217
  hostname,
194
218
  this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
195
219
  ...getFOSHostDownload(microsEnv, icOptions),
220
+ ...fosCDNUrls,
196
221
  ...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)
197
222
  ]
198
223
  .filter((a) => a)
@@ -253,6 +278,7 @@ class CSPInjectionService {
253
278
  }
254
279
  allowed.push(...getFOSHostDownload(microsEnv, icOptions));
255
280
  allowed.push(...getFOSHostUpload(microsEnv, icOptions));
281
+ allowed.push(...getFOSCDNUrls(microsEnv, icOptions));
256
282
  return allowed;
257
283
  }
258
284
  getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost) {
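Review bot: In `getInjectableCSP` the one `fosCDNUrls` list is spread into `defaultSrc`, `frameAncestors`, `frameSrc`, `fontSrc`, the img, media, script-src and `styleSrc` arrays, and into the `allowed` list in the last hunk, with nothing in the code saying which of those the CDN actually has to serve. The script and style entries carry the most weight: if objects under `/os/ecosystem/installation/` can be written by anything other than the app's own deployment (not visible in this diff), I would drop `...fosCDNUrls,` from those two arrays, and otherwise record the reason at the declaration, e.g. `// FOS CDN mirrors getFOSHostDownload: allowed wherever app resources are loaded from`. The path suffix should not be treated as a hard boundary, because CSP stops comparing the path once a request has been redirected and `frame-ancestors` is matched against the embedding origin, so the path-qualified source there is worth a browser test. `FOS_CDN_STANDARD_HOST.dev` also points at the `stg` host, and a one-line comment saying this is intentional would keep it from being "corrected" later. The method bodies these hunks touch start and end outside the visible lines.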
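--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@forge/csp",
- "version": "5.6.1-next.1",
+ "version": "5.7.0-experimental-a6c6519",
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
  "main": "out/index.js",
  "author": "Atlassian",
@@ -11,8 +11,8 @@
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
  },
  "devDependencies": {
- "@forge/cli-shared": "8.12.1-next.3",
- "@forge/manifest": "11.3.1-next.3",
+ "@forge/cli-shared": "8.20.0-experimental-a6c6519",
+ "@forge/manifest": "12.6.0-experimental-a6c6519",
  "@types/jest": "^29.5.14",
  "@types/node": "20.19.1",
  "cheerio": "^1.1.0"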