
@forge/csp


@forge/csp - npm Package Compare versions

Comparing version 2.1.4 to 2.1.5-experimental-343ae22

26

CHANGELOG.md
# @forge/csp
## 2.1.5-experimental-343ae22
### Major Changes
- 2292902: Update CSP injection to include hostname
## 2.1.5
### Patch Changes
- 8105c45: Bumping dependencies via Renovate:
- @types/jest
- jest
- jest-environment-jsdom
## 2.1.5-next.0
### Patch Changes
- 8105c45: Bumping dependencies via Renovate:
- @types/jest
- jest
- jest-environment-jsdom
## 2.1.4

@@ -4,0 +30,0 @@

8

out/csp/csp-injection-service.d.ts

@@ -8,5 +8,11 @@ import type { LambdaEnvironment } from '@forge/cli-shared';

private getConnectSrc;
private isCurrentHostAllowed;
private getFrameAncestors;
getInjectableCSP: (existingCSPDetails: CSPDetails, microsEnv: LambdaEnvironment, tunnelCSPReporterUri?: string) => string[];
getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname }: {
existingCSPDetails: CSPDetails;
microsEnv: LambdaEnvironment;
hostname?: string | undefined;
tunnelCSPReporterUri?: string | undefined;
}) => string[];
}
//# sourceMappingURL=csp-injection-service.d.ts.map
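Review bot: The new object-parameter signature of `getInjectableCSP` is not call-compatible with the positional one it replaces, and an untyped JavaScript caller still passing `(existingCSPDetails, microsEnv, tunnelCSPReporterUri)` would not fail loudly. Its first argument would be destructured instead, so every field would likely come out `undefined` and the policy would be built without the app's declared sources. `hostname` is also declared with no documentation of its expected form (bare host, host with port, or full origin) or of who is trusted to supply it. A TSDoc line on the source property, for example `/** Host of the page embedding the app; appended to frame-ancestors, so it must come from a trusted source. */`, would make that contract explicit. The class declaration starts outside this hunk.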

24

out/csp/csp-injection-service.js

@@ -13,6 +13,6 @@ "use strict";

constructor() {
this.getInjectableCSP = (existingCSPDetails, microsEnv, tunnelCSPReporterUri) => {
this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname }) => {
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv);
const defaultSrc = `'self'`;
const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv)].join(' ');
const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname)].join(' ');
const frameSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)].join(' ');

@@ -87,5 +87,9 @@ const fontSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)].join(' ');

}
getFrameAncestors(microsEnv) {
isCurrentHostAllowed(hostname) {
return true;
}
getFrameAncestors(microsEnv, hostname) {
let frameAncestors = [];
if (microsEnv === 'dev' || microsEnv === 'stg') {
return [
frameAncestors = [
'*.jira-dev.com',

@@ -97,8 +101,16 @@ 'http://localhost:*',

'*.atl-paas.net',
'*.stg.atlassian.com'
'*.stg.atlassian.com',
'*.testing.com'
];
}
return ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];
else {
frameAncestors = ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];
}
if (hostname && this.isCurrentHostAllowed(hostname)) {
frameAncestors.push(hostname);
frameAncestors = [...new Set(frameAncestors)];
}
return frameAncestors;
}
}
exports.CSPInjectionService = CSPInjectionService;
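Review bot: `isCurrentHostAllowed(hostname)` returns `true` unconditionally, so the guard `if (hostname && this.isCurrentHostAllowed(hostname))` in `getFrameAncestors` admits whatever the caller passes and appends it to the `frame-ancestors` sources alongside the fixed allowlist. Where `hostname` originates is not visible in this diff; if a request can influence it, the framing restriction this directive enforces is effectively lifted, and because the list is joined with spaces a value containing whitespace or `;` could add further sources or directives. The check should at minimum reject anything that is not a single host-source, e.g. `return /^[a-z0-9-]+(\.[a-z0-9-]+)*(:\d+)?$/i.test(hostname);`, and ideally match the value against the expected product domains for the environment. The hunk at -97,8 also adds `'*.testing.com'` to the dev/stg list; that looks like a placeholder and should be confirmed as a domain the project controls before it ships.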
{
"name": "@forge/csp",
"version": "2.1.4",
"version": "2.1.5-experimental-343ae22",
"description": "Contains the CSP configuration for Custom UI resources in Forge",

@@ -14,5 +14,5 @@ "main": "out/index.js",

"devDependencies": {
"@forge/cli-shared": "3.16.0",
"@forge/manifest": "4.17.0",
"@types/jest": "^29.1.2"
"@forge/cli-shared": "3.17.2-next.6",
"@forge/manifest": "4.19.1-next.3",
"@types/jest": "^29.5.3"
},

@@ -19,0 +19,0 @@ "dependencies": {

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
