New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@forge/csp
Advanced tools
@forge/csp - npm Package Compare versions
Comparing version 0.0.0-experimental-64caa5a to 0.0.0-experimental-7c72fec
| # @forge/csp | ||
| ## 0.0.0-experimental-64caa5a | ||
| ## 1.9.0 | ||
| ### Minor Changes | ||
| - 1c196ff: Add support for external fetch client to reference remote | ||
| ### Patch Changes | ||
| - 04e4152: Enabling new frame ancestors '_.atl-paas.net' and '_.atlassian.com' | ||
| - 1dba082: Enabling new frame ancestors '_.atl-paas.net' and '_.atlassian.com' | ||
| ## 1.9.0-next.1 | ||
| ### Minor Changes | ||
| - 1c196ff: Add support for external fetch client to reference remote | ||
| ## 1.8.1-next.0 | ||
@@ -10,0 +20,0 @@ |
| import type { Logger } from '@forge/cli-shared'; | ||
| import type { Permissions } from '@forge/manifest'; | ||
| import { ContentPermissions, CSPDetails, DocumentBody } from '../types'; | ||
| export declare class InvalidConnectSrc extends Error { | ||
| constructor(); | ||
| } | ||
| export declare class CSPProcessingService { | ||
@@ -9,2 +12,3 @@ private readonly logger; | ||
| getInvalidCspPermissions(contentPermissions: ContentPermissions): string[]; | ||
| private assertValidFetchClient; | ||
| private mapExternalPermissionsToCsp; | ||
@@ -11,0 +15,0 @@ private getStyleSrc; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.CSPProcessingService = void 0; | ||
| exports.CSPProcessingService = exports.InvalidConnectSrc = void 0; | ||
| const tslib_1 = require("tslib"); | ||
@@ -15,2 +15,8 @@ const cheerio_1 = tslib_1.__importDefault(require("cheerio")); | ||
| ]; | ||
| class InvalidConnectSrc extends Error { | ||
| constructor() { | ||
| super('fetch.client should be an array of strings'); | ||
| } | ||
| } | ||
| exports.InvalidConnectSrc = InvalidConnectSrc; | ||
| class CSPProcessingService { | ||
@@ -35,5 +41,15 @@ constructor(logger) { | ||
| } | ||
| assertValidFetchClient(fetch) { | ||
| if (fetch === null || fetch === void 0 ? void 0 : fetch.client) { | ||
| for (const client of fetch === null || fetch === void 0 ? void 0 : fetch.client) { | ||
| if (typeof client !== 'string') { | ||
| throw new InvalidConnectSrc(); | ||
| } | ||
| } | ||
| } | ||
| } | ||
| mapExternalPermissionsToCsp(externalPermissions) { | ||
| var _a; | ||
| const { images, media, scripts, fetch, styles, fonts, frames } = externalPermissions; | ||
| this.assertValidFetchClient(fetch); | ||
| return { | ||
@@ -40,0 +56,0 @@ 'img-src': images !== null && images !== void 0 ? images : [], |
| { | ||
| "name": "@forge/csp", | ||
| "version": "0.0.0-experimental-64caa5a", | ||
| "version": "0.0.0-experimental-7c72fec", | ||
| "description": "Contains the CSP configuration for Custom UI resources in Forge", | ||
@@ -14,4 +14,4 @@ "main": "out/index.js", | ||
| "devDependencies": { | ||
| "@forge/cli-shared": "^0.0.0-experimental-64caa5a", | ||
| "@forge/manifest": "^0.0.0-experimental-64caa5a", | ||
| "@forge/cli-shared": "^0.0.0-experimental-7c72fec", | ||
| "@forge/manifest": "^0.0.0-experimental-7c72fec", | ||
| "@types/jest": "^26.0.0" | ||
@@ -18,0 +18,0 @@ }, |
Sorry, the diff of this file is not supported yet
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.72%
26350
- Lines of code
- increased by5.42%
389
Worsened metrics
- Number of medium supply chain risk alerts
- increased by150%
10
No dependency changes