npm package diff

Package: @forge/csp

Versions: 3.5.0-next.0 - 3.5.0-next.1

File: package/out/csp/csp-injection-service.js

Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -1,62 +1,62 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CSPInjectionService = void 0;
 const types_1 = require("../types");
-const apiGatewayHost = {
+const ATLASSIAN_API_GATEWAY_HOST = {
     dev: 'https://api.dev.atlassian.com',
     stg: 'https://api.stg.atlassian.com',
     prod: 'https://api.atlassian.com',
     'fedramp-stg': 'https://api.stg.atlassian-us-gov-mod.com',
     'fedramp-prod': 'https://api.atlassian-us-gov-mod.com'
 };
-const mediaGatewayHost = {
+const ATLASSIAN_MEDIA_GATEWAY_HOST = {
     dev: 'https://media.dev.atl-paas.net',
     stg: 'https://media.staging.atl-paas.net',
     prod: 'https://api.media.atlassian.com',
     'fedramp-stg': 'https://api-media.stg.atlassian-us-gov-mod.com',
     'fedramp-prod': 'https://api-media.atlassian-us-gov-mod.com'
 };
-const atlassianAvatarHost = {
+const ATLASSIAN_AVATAR_HOST = {
     dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
     stg: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
     prod: 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net',
     'fedramp-stg': 'avatar-management--avatars.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
     'fedramp-prod': 'avatar-management--avatars.us-east-1.prod.cdn.atlassian-us-gov-mod.com'
 };
-const atlassianImageHosts = {
+const ATLASSIAN_IMAGES_HOSTS = {
     dev: [
-        `https://${atlassianAvatarHost['dev']}`,
-        `https://*.wp.com/${atlassianAvatarHost['dev']}/`,
-        apiGatewayHost['dev'],
-        mediaGatewayHost['dev']
+        `https://${ATLASSIAN_AVATAR_HOST['dev']}`,
+        `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['dev']}/`,
+        ATLASSIAN_API_GATEWAY_HOST['dev'],
+        ATLASSIAN_MEDIA_GATEWAY_HOST['dev']
     ],
     stg: [
-        `https://${atlassianAvatarHost['stg']}`,
-        `https://*.wp.com/${atlassianAvatarHost['stg']}/`,
-        apiGatewayHost['stg'],
-        mediaGatewayHost['stg']
+        `https://${ATLASSIAN_AVATAR_HOST['stg']}`,
+        `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['stg']}/`,
+        ATLASSIAN_API_GATEWAY_HOST['stg'],
+        ATLASSIAN_MEDIA_GATEWAY_HOST['stg']
     ],
     prod: [
-        `https://${atlassianAvatarHost['prod']}`,
-        `https://*.wp.com/${atlassianAvatarHost['prod']}/`,
-        apiGatewayHost['prod'],
-        mediaGatewayHost['prod']
+        `https://${ATLASSIAN_AVATAR_HOST['prod']}`,
+        `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['prod']}/`,
+        ATLASSIAN_API_GATEWAY_HOST['prod'],
+        ATLASSIAN_MEDIA_GATEWAY_HOST['prod']
     ],
     'fedramp-stg': [
-        `https://${atlassianAvatarHost['fedramp-stg']}`,
-        `https://*.wp.com/${atlassianAvatarHost['fedramp-stg']}/`,
-        apiGatewayHost['fedramp-stg'],
-        mediaGatewayHost['fedramp-stg']
+        `https://${ATLASSIAN_AVATAR_HOST['fedramp-stg']}`,
+        `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-stg']}/`,
+        ATLASSIAN_API_GATEWAY_HOST['fedramp-stg'],
+        ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-stg']
     ],
     'fedramp-prod': [
-        `https://${atlassianAvatarHost['fedramp-prod']}`,
-        `https://*.wp.com/${atlassianAvatarHost['fedramp-prod']}/`,
-        apiGatewayHost['fedramp-prod'],
-        mediaGatewayHost['fedramp-prod']
+        `https://${ATLASSIAN_AVATAR_HOST['fedramp-prod']}`,
+        `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-prod']}/`,
+        ATLASSIAN_API_GATEWAY_HOST['fedramp-prod'],
+        ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-prod']
     ]
 };
-const gravatarUrl = 'https://secure.gravatar.com';
+const EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
 class CSPInjectionService {
     getCSPReportUri(microsEnv) {
         if (microsEnv === 'dev' || microsEnv === 'stg')
             return 'https://web-security-reports.stg.services.atlassian.com/csp-report/forge-cdn';
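Review bot: The new `EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS` constant widens the img-src allow list to `https://images.unsplash.com`, which is a CSP policy change rather than the rename the rest of the hunk consists of, and nothing in the hunk records why that origin is needed or who owns the entry. Each non-Atlassian origin in this list is an external party whose content the policy will permit in every environment, including the fedramp ones, so the justification belongs next to the value. I would add above the constant `// Non-Atlassian origins permitted in img-src for every micros environment; exact hosts only, and note the consumer for each entry before adding one.` and, if unsplash is only needed outside fedramp, consider keying this list by environment like `ATLASSIAN_IMAGES_HOSTS` instead of a flat array. The same constant is consumed in the second hunk.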
@@ -117,10 +117,10 @@
             "'self'",
             'data:',
             'blob:',
             hostname,
-            gravatarUrl,
-            ...atlassianImageHosts[microsEnv],
+            ...EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
+            ...ATLASSIAN_IMAGES_HOSTS[microsEnv],
             ...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
         ]
             .filter((a) => a)
             .join(' ');
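Review bot: The rewritten `...ATLASSIAN_IMAGES_HOSTS[microsEnv]` line throws an opaque TypeError when `microsEnv` is not one of the five configured keys, because spreading `undefined` into an array literal fails before `.filter((a) => a)` gets a chance to drop anything. The behaviour predates this commit under the old name, but since the line is being touched it is worth failing with a clear message rather than a stack trace from the spread: `const atlassianHosts = ATLASSIAN_IMAGES_HOSTS[microsEnv];` followed by `if (!Array.isArray(atlassianHosts)) throw new Error(\`Unknown micros environment: ${microsEnv}\`);` and then `...atlassianHosts` in the list. Falling back to `[]` silently would be the wrong direction here, since it would quietly drop the Atlassian image origins from the policy. The enclosing method begins and ends outside this hunk.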