@forge/csp - npm Package Compare versions

Comparing version 1.4.0 to 1.5.0-next.0

CHANGELOG.md

 # @forge/csp
 
+## 1.5.0-next.0
+
+### Minor Changes
+
+- 638194f: Fix logic to detect missing fetch egress permission
+
 ## 1.4.0
@@ -4,0 +10,0 @@

out/egress/egress-filtering-service.d.ts

@@ -7,6 +7,6 @@ export declare class EgressFilteringService {
     private safeURL;
-    private withoutQueryString;
     isValidUrl(url: string): boolean;
+    private domainCheck;
     private domainIsAllowed;
 }
 //# sourceMappingURL=egress-filtering-service.d.ts.map

out/egress/egress-filtering-service.js

@@ -11,3 +11,3 @@ "use strict";
             .filter((domainOrURL) => !domainOrURL.startsWith('*'))
-            .map((url) => this.safeURL(url).toString());
+            .map((url) => this.safeURL(url));
         this.wildcardDomains = allowList
@@ -23,7 +23,2 @@ .filter((domainOrURL) => domainOrURL !== '*')
     }
-    withoutQueryString(url) {
-        const parsedURL = this.safeURL(url);
-        parsedURL.search = '';
-        return parsedURL;
-    }
     isValidUrl(url) {
@@ -33,11 +28,7 @@ if (this.allowsEverything) {
         }
-        const urlWithoutQuery = this.withoutQueryString(url);
-        if (this.URLs.includes(url) || this.URLs.includes(urlWithoutQuery.toString())) {
-            return true;
-        }
-        return this.domainIsAllowed(urlWithoutQuery);
+        return this.domainIsAllowed(this.safeURL(url));
     }
-    domainIsAllowed(domain) {
-        const hostnameMatchedProtocol = this.wildcardDomains
-            .filter((wildcarded) => wildcarded.protocol === domain.protocol)
+    domainCheck(domain, allowList) {
+        const hostnameMatchedProtocol = allowList
+            .filter((allowed) => allowed.protocol === domain.protocol)
             .map((url) => url.hostname);
@@ -48,3 +39,12 @@ return (micromatch_1.default([domain.hostname], hostnameMatchedProtocol, {
     }
+    domainIsAllowed(domain) {
+        if (this.domainCheck(domain, this.URLs)) {
+            return true;
+        }
+        if (this.domainCheck(domain, this.wildcardDomains)) {
+            return true;
+        }
+        return false;
+    }
 }
 exports.EgressFilteringService = EgressFilteringService;

package.json

 {
   "name": "@forge/csp",
-  "version": "1.4.0",
+  "version": "1.5.0-next.0",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
@@ -14,4 +14,4 @@ "main": "out/index.js",
   "devDependencies": {
-    "@forge/cli-shared": "^1.1.1",
-    "@forge/manifest": "^1.3.1",
+    "@forge/cli-shared": "^1.2.1-next.0",
+    "@forge/manifest": "^1.3.3-next.0",
     "@types/jest": "^26.0.0"
@@ -18,0 +18,0 @@ },

New alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

21004

increased by0.05%

Worsened metrics

Number of low quality alerts

2

increased by100%

No dependency changes