Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement
Sign In

@forge/csp

Package Overview
Dependencies
Maintainers
1
Versions
383
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@forge/csp - npm Package Compare versions

Comparing version
5.6.0
 to
5.6.1-experimental-1dcd593
+19
-0
CHANGELOG.md
# @forge/csp
## 5.6.1
### Patch Changes
- 5a73009: Add hostname to connect-src CSP directive
- a147579: Add http to localhost url for embedded macro when parent is tunneling
## 5.6.1-next.1
### Patch Changes
- 5a73009: Add hostname to connect-src CSP directive
## 5.6.1-next.0
### Patch Changes
- a147579: Add http to localhost url for embedded macro when parent is tunneling
## 5.6.0

@@ -4,0 +23,0 @@ 

+1
-1
LICENSE.txt

@@ -1,2 +0,2 @@

Copyright (c) 2025 Atlassian
Copyright (c) 2026 Atlassian
Permission is hereby granted to use this software in accordance with the terms

@@ -3,0 +3,0 @@ and conditions outlined in the Atlassian Developer Terms, which can be found

+1
-1
out/csp/csp-injection-service.d.ts.map

@@ -1,1 +0,1 @@

{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}
{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAwFV;CACH"}
+5
-2
out/csp/csp-injection-service.js

@@ -178,6 +178,9 @@ "use strict";

"'self'",
hostname,
...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri, icOptions),
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
...this.getExistingCSPDetails(types_1.ExternalCspType.CONNECT_SRC, existingCSPDetails)
].join(' ');
]
.filter((a) => a)
.join(' ');
const scriptSrc = [

@@ -297,3 +300,3 @@ "'self'",

if (localhostWithPortRegex.test(macroParentHost)) {
frameAncestors.push(macroParentHost);
frameAncestors.push(`http://${macroParentHost}`);
}

@@ -300,0 +303,0 @@ else {

+3
-3
package.json
{
"name": "@forge/csp",
"version": "5.6.0",
"version": "5.6.1-experimental-1dcd593",
"description": "Contains the CSP configuration for Custom UI resources in Forge",

@@ -14,4 +14,4 @@ "main": "out/index.js",

"devDependencies": {
"@forge/cli-shared": "8.12.0",
"@forge/manifest": "11.3.0",
"@forge/cli-shared": "8.15.2-next.0-experimental-1dcd593",
"@forge/manifest": "12.1.1-next.0-experimental-1dcd593",
"@types/jest": "^29.5.14",

@@ -18,0 +18,0 @@ "@types/node": "20.19.1",