@forge/csp - npm Package Compare versions

Comparing version 2.0.1 to 2.1.0-next.0

CHANGELOG.md

 # @forge/csp
 
+## 2.1.0-next.0
+
+### Minor Changes
+
+- eeee3d3f: Added ws://localhost to CSP
+
 ## 2.0.1
@@ -4,0 +10,0 @@

out/csp/csp-injection-service.d.ts

@@ -7,5 +7,6 @@ import type { LambdaEnvironment } from '@forge/cli-shared';
     private getExistingCSPDetails;
+    private getConnectSrc;
     private getFrameAncestors;
-    getInjectableCSP: (existingCSPDetails: CSPDetails, env: LambdaEnvironment, tunnelCSPReporterUri?: string) => string[];
+    getInjectableCSP: (existingCSPDetails: CSPDetails, microsEnv: LambdaEnvironment, tunnelCSPReporterUri?: string) => string[];
 }
 //# sourceMappingURL=csp-injection-service.d.ts.map

out/csp/csp-injection-service.js

@@ -13,6 +13,6 @@ "use strict";
     constructor() {
-        this.getInjectableCSP = (existingCSPDetails, env, tunnelCSPReporterUri) => {
-            const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(env);
+        this.getInjectableCSP = (existingCSPDetails, microsEnv, tunnelCSPReporterUri) => {
+            const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv);
             const defaultSrc = `'self'`;
-            const frameAncestors = ["'self'", ...this.getFrameAncestors(env)].join(' ');
+            const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv)].join(' ');
             const frameSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)].join(' ');
@@ -25,3 +25,3 @@ const fontSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)].join(' ');
                 gravatarUrl,
-                ...atlassianImageHosts[env],
+                ...atlassianImageHosts[microsEnv],
                 ...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
@@ -35,6 +35,10 @@ ].join(' ');
             ].join(' ');
-            const connectSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.CONNECT_SRC, existingCSPDetails)].join(' ');
+            const connectSrc = [
+                "'self'",
+                ...this.getConnectSrc(!!tunnelCSPReporterUri),
+                ...this.getExistingCSPDetails(types_1.ExternalCspType.CONNECT_SRC, existingCSPDetails)
+            ].join(' ');
             const scriptSrc = [
                 "'self'",
-                this.getForgeGlobalCSP(env),
+                this.getForgeGlobalCSP(microsEnv),
                 ...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
@@ -59,11 +63,9 @@ ].join(' ');
     }
-    getCSPReportUri(env, tunnelCSPReporterUri) {
-        if (tunnelCSPReporterUri)
-            return tunnelCSPReporterUri;
-        if (env === 'prod')
-            return 'https://web-security-reports.services.atlassian.com/csp-report/forge-cdn';
-        return 'https://web-security-reports.stg.services.atlassian.com/csp-report/forge-cdn';
+    getCSPReportUri(microsEnv) {
+        if (microsEnv === 'dev' || microsEnv === 'stg')
+            return 'https://web-security-reports.stg.services.atlassian.com/csp-report/forge-cdn';
+        return 'https://web-security-reports.services.atlassian.com/csp-report/forge-cdn';
     }
-    getForgeGlobalCSP(env) {
-        return `https://forge.cdn.${env}.atlassian-dev.net`;
+    getForgeGlobalCSP(microsEnv) {
+        return `https://forge.cdn.${microsEnv}.atlassian-dev.net`;
     }
@@ -74,15 +76,21 @@ getExistingCSPDetails(cspType, cspDetails) {
     }
-    getFrameAncestors(env) {
-        if (env === 'prod')
-            return ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];
-        return [
-            '*.jira-dev.com',
-            'http://localhost:*',
-            '*.devbucket.org',
-            'https://staging.bb-inf.net',
-            'https://integration.bb-inf.net',
-            '*.atl-paas.net'
-        ];
+    getConnectSrc(isTunnelling) {
+        if (isTunnelling)
+            return ['ws://localhost:*', 'http://localhost:*'];
+        return [];
     }
+    getFrameAncestors(microsEnv) {
+        if (microsEnv === 'dev' || microsEnv === 'stg') {
+            return [
+                '*.jira-dev.com',
+                'http://localhost:*',
+                '*.devbucket.org',
+                'https://staging.bb-inf.net',
+                'https://integration.bb-inf.net',
+                '*.atl-paas.net'
+            ];
+        }
+        return ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];
+    }
 }
 exports.CSPInjectionService = CSPInjectionService;

package.json

 {
   "name": "@forge/csp",
-  "version": "2.0.1",
+  "version": "2.1.0-next.0",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
@@ -14,4 +14,4 @@ "main": "out/index.js",
   "devDependencies": {
-    "@forge/cli-shared": "^3.3.0",
-    "@forge/manifest": "^4.5.1",
+    "@forge/cli-shared": "^3.4.0-next.2",
+    "@forge/manifest": "^4.5.2-next.0",
     "@types/jest": "^29.1.2"
@@ -18,0 +18,0 @@ },

New alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

24171

increased by1.95%

Lines of code

312

increased by2.97%

Worsened metrics

Number of low quality alerts

2

increased by100%

No dependency changes