npm package diff
Package: @forge/csp
Versions: 3.5.0-next.0 - 3.5.0-next.1
Modified: package/out/csp/csp-injection-service.js
Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -1,62 +1,62 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CSPInjectionService = void 0;
const types_1 = require("../types");
-const apiGatewayHost = {
+const ATLASSIAN_API_GATEWAY_HOST = {
dev: 'https://api.dev.atlassian.com',
stg: 'https://api.stg.atlassian.com',
prod: 'https://api.atlassian.com',
'fedramp-stg': 'https://api.stg.atlassian-us-gov-mod.com',
'fedramp-prod': 'https://api.atlassian-us-gov-mod.com'
};
-const mediaGatewayHost = {
+const ATLASSIAN_MEDIA_GATEWAY_HOST = {
dev: 'https://media.dev.atl-paas.net',
stg: 'https://media.staging.atl-paas.net',
prod: 'https://api.media.atlassian.com',
'fedramp-stg': 'https://api-media.stg.atlassian-us-gov-mod.com',
'fedramp-prod': 'https://api-media.atlassian-us-gov-mod.com'
};
-const atlassianAvatarHost = {
+const ATLASSIAN_AVATAR_HOST = {
dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
stg: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
prod: 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net',
'fedramp-stg': 'avatar-management--avatars.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
'fedramp-prod': 'avatar-management--avatars.us-east-1.prod.cdn.atlassian-us-gov-mod.com'
};
-const atlassianImageHosts = {
+const ATLASSIAN_IMAGES_HOSTS = {
dev: [
- `https://${atlassianAvatarHost['dev']}`,
- `https://*.wp.com/${atlassianAvatarHost['dev']}/`,
- apiGatewayHost['dev'],
- mediaGatewayHost['dev']
+ `https://${ATLASSIAN_AVATAR_HOST['dev']}`,
+ `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['dev']}/`,
+ ATLASSIAN_API_GATEWAY_HOST['dev'],
+ ATLASSIAN_MEDIA_GATEWAY_HOST['dev']
],
stg: [
- `https://${atlassianAvatarHost['stg']}`,
- `https://*.wp.com/${atlassianAvatarHost['stg']}/`,
- apiGatewayHost['stg'],
- mediaGatewayHost['stg']
+ `https://${ATLASSIAN_AVATAR_HOST['stg']}`,
+ `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['stg']}/`,
+ ATLASSIAN_API_GATEWAY_HOST['stg'],
+ ATLASSIAN_MEDIA_GATEWAY_HOST['stg']
],
prod: [
- `https://${atlassianAvatarHost['prod']}`,
- `https://*.wp.com/${atlassianAvatarHost['prod']}/`,
- apiGatewayHost['prod'],
- mediaGatewayHost['prod']
+ `https://${ATLASSIAN_AVATAR_HOST['prod']}`,
+ `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['prod']}/`,
+ ATLASSIAN_API_GATEWAY_HOST['prod'],
+ ATLASSIAN_MEDIA_GATEWAY_HOST['prod']
],
'fedramp-stg': [
- `https://${atlassianAvatarHost['fedramp-stg']}`,
- `https://*.wp.com/${atlassianAvatarHost['fedramp-stg']}/`,
- apiGatewayHost['fedramp-stg'],
- mediaGatewayHost['fedramp-stg']
+ `https://${ATLASSIAN_AVATAR_HOST['fedramp-stg']}`,
+ `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-stg']}/`,
+ ATLASSIAN_API_GATEWAY_HOST['fedramp-stg'],
+ ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-stg']
],
'fedramp-prod': [
- `https://${atlassianAvatarHost['fedramp-prod']}`,
- `https://*.wp.com/${atlassianAvatarHost['fedramp-prod']}/`,
- apiGatewayHost['fedramp-prod'],
- mediaGatewayHost['fedramp-prod']
+ `https://${ATLASSIAN_AVATAR_HOST['fedramp-prod']}`,
+ `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-prod']}/`,
+ ATLASSIAN_API_GATEWAY_HOST['fedramp-prod'],
+ ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-prod']
]
};
-const gravatarUrl = 'https://secure.gravatar.com';
+const EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
class CSPInjectionService {
getCSPReportUri(microsEnv) {
if (microsEnv === 'dev' || microsEnv === 'stg')
return 'https://web-security-reports.stg.services.atlassian.com/csp-report/forge-cdn';
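Review bot: `EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS` adds `https://images.unsplash.com` as a default third-party image origin with no comment recording why each entry is trusted. Unlike `ATLASSIAN_IMAGES_HOSTS` it is not keyed by environment, so, judging by the second hunk, it reaches `img-src` for every environment, including `fedramp-stg` and `fedramp-prod`. A default entry widens the external origins that every Custom UI app may request images from, so I would document it above the constant, for example `// Third-party image origins allowed in img-src for all Custom UI apps in every environment; record the justification for each entry.`, and confirm that the FedRAMP environments are meant to receive it. This file is compiled output under `out/`, so the comment presumably belongs in `src/csp/csp-injection-service.ts`. The `CSPInjectionService` class body continues outside the hunk.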
@@ -117,10 +117,10 @@
"'self'",
'data:',
'blob:',
hostname,
- gravatarUrl,
- ...atlassianImageHosts[microsEnv],
+ ...EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
+ ...ATLASSIAN_IMAGES_HOSTS[microsEnv],
...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
]
.filter((a) => a)
.join(' ');
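Review bot: `...ATLASSIAN_IMAGES_HOSTS[microsEnv]` throws a TypeError when `microsEnv` is not one of the five keys of the map, because `undefined` cannot be spread into an array literal, and the trailing `.filter((a) => a)` runs too late to help. Whether `microsEnv` is validated before this point is not visible, since the enclosing method starts and ends outside the hunk. If it is not validated, `...(ATLASSIAN_IMAGES_HOSTS[microsEnv] ?? []),` keeps the policy build from crashing. Rejecting an unknown environment explicitly may be the better choice, so that a mistyped value does not silently drop the Atlassian image hosts from `img-src`.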
Modified: package/package.json
Index: package/package.json
===================================================================
--- package/package.json
+++ package/package.json
@@ -1,7 +1,7 @@
{
"name": "@forge/csp",
- "version": "3.5.0-next.0",
+ "version": "3.5.0-next.1",
"description": "Contains the CSP configuration for Custom UI resources in Forge",
"main": "out/index.js",
"author": "Atlassian",
"license": "UNLICENSED",
@@ -10,9 +10,9 @@
"compile": "tsc -b -v",
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
},
"devDependencies": {
- "@forge/cli-shared": "6.4.2-next.3",
+ "@forge/cli-shared": "6.5.0-next.4",
"@forge/manifest": "8.2.1-next.2",
"@types/jest": "^29.5.12",
"@types/node": "14.18.63"
},
Modified: package/out/csp/csp-injection-service.d.ts.map
Index: package/out/csp/csp-injection-service.d.ts.map
===================================================================
--- package/out/csp/csp-injection-service.d.ts.map
+++ package/out/csp/csp-injection-service.d.ts.map
@@ -1,1 +1,1 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAsEvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,iBAAiB;IAMzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAgBrB,OAAO,CAAC,iBAAiB;IA8BlB,gBAAgB;4BAOD,UAAU;mBACnB,iBAAiB;;;;UAI1B,MAAM,EAAE,CA6DV;CACH"}
\ No newline at end of file
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AA0EvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,iBAAiB;IAMzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAgBrB,OAAO,CAAC,iBAAiB;IA8BlB,gBAAgB;4BAOD,UAAU;mBACnB,iBAAiB;;;;UAI1B,MAAM,EAAE,CA6DV;CACH"}
\ No newline at end of file
Modified: package/CHANGELOG.md
Index: package/CHANGELOG.md
===================================================================
--- package/CHANGELOG.md
+++ package/CHANGELOG.md
@@ -1,6 +1,12 @@
# @forge/csp
+## 3.5.0-next.1
+
+### Patch Changes
+
+- 8724df7: Allowing by default the images sourced from Unsplash website for Custom UI apps
+
## 3.5.0-next.0
### Minor Changes