@forge/csp 5.7.0 → 5.8.0-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/out/csp/csp-injection-service.d.ts +2 -1
  3. package/out/csp/csp-injection-service.d.ts.map +1 -1
  4. package/out/csp/csp-injection-service.js +6 -3
  5. package/package.json +2 -2
package/CHANGELOG.md CHANGED
@@ -1,5 +1,11 @@
1
1
  # @forge/csp
2
2
 
3
+ ## 5.8.0-next.0
4
+
5
+ ### Minor Changes
6
+
7
+ - e7fa544: add support for connect domain to frame ancestors
8
+
3
9
  ## 5.7.0
4
10
 
5
11
  ### Minor Changes
package/out/csp/csp-injection-service.d.ts CHANGED
@@ -18,7 +18,7 @@ export declare class CSPInjectionService {
18
18
  private getExistingCSPDetails;
19
19
  private getConnectSrc;
20
20
  private getFrameAncestors;
21
- getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }: {
21
+ getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost, connectMacroParentDomain }: {
22
22
  existingCSPDetails: CSPDetails;
23
23
  microsEnv: LambdaEnvironment;
24
24
  tunnelCSPReporterUri?: string | undefined;
@@ -26,6 +26,7 @@ export declare class CSPInjectionService {
26
26
  isFedRAMP?: boolean | undefined;
27
27
  icOptions?: IcOptions | undefined;
28
28
  macroParentHost?: string | undefined;
29
+ connectMacroParentDomain?: string | undefined;
29
30
  }) => string[];
30
31
  }
31
32
  export {};
package/out/csp/csp-injection-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA8K1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAmCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAgGV;CACH"}
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA+K1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAmCrB,OAAO,CAAC,iBAAiB;IAuElB,gBAAgB;4BAUD,UAAU;mBACnB,iBAAiB;;;;;;;UAO1B,MAAM,EAAE,CAgGV;CACH"}
package/out/csp/csp-injection-service.js CHANGED
@@ -146,13 +146,13 @@ exports.getAtlassianImageHost = getAtlassianImageHost;
146
146
  exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
147
147
  class CSPInjectionService {
148
148
  constructor() {
149
- this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }) => {
149
+ this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost, connectMacroParentDomain }) => {
150
150
  const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
151
151
  const fosCDNUrls = getFOSCDNUrls(microsEnv, icOptions);
152
152
  const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions), ...fosCDNUrls].join(' ');
153
153
  const frameAncestors = [
154
154
  "'self'",
155
- ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost),
155
+ ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost, connectMacroParentDomain),
156
156
  ...getFOSHostDownload(microsEnv, icOptions),
157
157
  ...fosCDNUrls
158
158
  ].join(' ');
@@ -281,7 +281,7 @@ class CSPInjectionService {
281
281
  allowed.push(...getFOSCDNUrls(microsEnv, icOptions));
282
282
  return allowed;
283
283
  }
284
- getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost) {
284
+ getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost, connectMacroParentDomain) {
285
285
  let frameAncestors = [];
286
286
  const localhostWithPortRegex = /^localhost:\d+$/;
287
287
  switch (microsEnv) {
@@ -330,6 +330,9 @@ class CSPInjectionService {
330
330
  }
331
331
  break;
332
332
  }
333
+ if (connectMacroParentDomain) {
334
+ frameAncestors.push(connectMacroParentDomain);
335
+ }
333
336
  if (hostname) {
334
337
  frameAncestors.push(hostname);
335
338
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/csp",
3
- "version": "5.7.0",
3
+ "version": "5.8.0-next.0",
4
4
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
5
5
  "main": "out/index.js",
6
6
  "author": "Atlassian",
@@ -11,7 +11,7 @@
11
11
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
12
12
  },
13
13
  "devDependencies": {
14
- "@forge/cli-shared": "8.20.0",
14
+ "@forge/cli-shared": "8.21.0-next.0",
15
15
  "@forge/manifest": "12.6.0",
16
16
  "@types/jest": "^29.5.14",
17
17
  "@types/node": "20.19.1",