@forge/csp - npm Package Compare versions

Comparing version 1.0.1 to 1.0.2-next.0

CHANGELOG.md

 # @forge/csp
 
+## 1.0.2-next.0
+
+### Patch Changes
+
+- 8ad9442: Allowlist images from Atlassian API inside Custom UI apps
+
 ## 1.0.1
@@ -4,0 +10,0 @@

out/csp-injection-service.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CSPInjectionService = void 0;
-const avatarCdnHosts = {
-    dev: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net'],
-    stg: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net'],
-    prod: ['https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net']
+const atlassianImageHosts = {
+    dev: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', 'https://api.dev.atlassian.com'],
+    stg: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', 'https://api.stg.atlassian.com'],
+    prod: ['https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net', 'https://api.atlassian.com']
 };
@@ -15,3 +15,3 @@ const gravatarUrl = 'https://secure.gravatar.com';
             const defaultSrc = `'self'`;
-            const imgSrc = ["'self'", 'data:', 'blob:', gravatarUrl, ...avatarCdnHosts[env]].join(' ');
+            const imgSrc = ["'self'", 'data:', 'blob:', gravatarUrl, ...atlassianImageHosts[env]].join(' ');
             const mediaSrc = ["'self'", 'data:', 'blob:'].join(' ');
@@ -18,0 +18,0 @@ const scriptSrc = ["'self'", this.getForgeGlobalCSP(env), ...existingCSPDetails['script-src']].join(' ');

package.json

 {
   "name": "@forge/csp",
-  "version": "1.0.1",
+  "version": "1.0.2-next.0",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
@@ -14,3 +14,3 @@ "main": "out/index.js",
   "devDependencies": {
-    "@forge/cli-shared": "^1.0.1",
+    "@forge/cli-shared": "^1.0.2-next.0",
     "@types/jest": "^26.0.0"
@@ -17,0 +17,0 @@ },

New alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

8701

increased by2.65%

Worsened metrics

Number of low quality alerts

2

increased by100%

No dependency changes