@forge/csp - npm Package Compare versions

Comparing version 5.7.0 to 5.8.0-next.0

CHANGELOG.md

 # @forge/csp
 
+## 5.8.0-next.0
+
+### Minor Changes
+
+- e7fa544: add support for connect domain to frame ancestors
+
 ## 5.7.0
@@ -4,0 +10,0 @@

out/csp/csp-injection-service.d.ts

@@ -21,3 +21,3 @@ import type { LambdaEnvironment } from '@forge/cli-shared';
     private getFrameAncestors;
-    getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }: {
+    getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost, connectMacroParentDomain }: {
         existingCSPDetails: CSPDetails;
@@ -30,2 +30,3 @@ microsEnv: LambdaEnvironment;
         macroParentHost?: string | undefined;
+        connectMacroParentDomain?: string | undefined;
     }) => string[];
@@ -32,0 +33,0 @@ }

out/csp/csp-injection-service.d.ts.map

@@ -1,1 +0,1 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA8K1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAmCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAgGV;CACH"}
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA+K1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAmCrB,OAAO,CAAC,iBAAiB;IAuElB,gBAAgB;4BAUD,UAAU;mBACnB,iBAAiB;;;;;;;UAO1B,MAAM,EAAE,CAgGV;CACH"}

out/csp/csp-injection-service.js

@@ -149,3 +149,3 @@ "use strict";
     constructor() {
-        this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }) => {
+        this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost, connectMacroParentDomain }) => {
             const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
@@ -156,3 +156,3 @@ const fosCDNUrls = getFOSCDNUrls(microsEnv, icOptions);
                 "'self'",
-                ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost),
+                ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost, connectMacroParentDomain),
                 ...getFOSHostDownload(microsEnv, icOptions),
@@ -286,3 +286,3 @@ ...fosCDNUrls
     }
-    getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost) {
+    getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost, connectMacroParentDomain) {
         let frameAncestors = [];
@@ -336,2 +336,5 @@ const localhostWithPortRegex = /^localhost:\d+$/;
         }
+        if (connectMacroParentDomain) {
+            frameAncestors.push(connectMacroParentDomain);
+        }
         if (hostname) {
@@ -338,0 +341,0 @@ frameAncestors.push(hostname);

package.json

 {
   "name": "@forge/csp",
-  "version": "5.7.0",
+  "version": "5.8.0-next.0",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
@@ -14,3 +14,3 @@ "main": "out/index.js",
   "devDependencies": {
-    "@forge/cli-shared": "8.20.0",
+    "@forge/cli-shared": "8.21.0-next.0",
     "@forge/manifest": "12.6.0",
@@ -17,0 +17,0 @@ "@types/jest": "^29.5.14",

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Unidentified License

License

Something that seems like a license was found, but its contents could not be matched with a known license.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Unidentified License

License

Something that seems like a license was found, but its contents could not be matched with a known license.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

55891

0.69%

Lines of code

598

0.67%

Worsened metrics

Number of low quality alerts

2

100%

No dependency changes