npm package diff
Package: @forge/csp
Versions: 4.1.0-experimental-255e232 - 4.2.0-next.0
File: package/out/csp/csp-injection-service.js
Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -1,156 +1,173 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
-exports.CSPInjectionService = exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = exports.ATLASSIAN_IMAGES_HOSTS = void 0;
+exports.CSPInjectionService = exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = exports.getAtlassianImageHost = void 0;
const types_1 = require("../types");
-const ATLASSIAN_API_GATEWAY_HOST = {
- dev: 'https://api.dev.atlassian.com',
- stg: 'https://api.stg.atlassian.com',
- prod: 'https://api.atlassian.com',
- 'fedramp-stg': 'https://api.stg.atlassian-us-gov-mod.com',
- 'fedramp-prod': 'https://api.atlassian-us-gov-mod.com'
+const ATLASSIAN_HOST = {
+ ATLASSIAN_API_GATEWAY_HOST: {
+ dev: 'https://api.dev.atlassian.com',
+ stg: 'https://api.stg.atlassian.com',
+ prod: 'https://api.atlassian.com',
+ 'fedramp-stg': 'https://api.stg.atlassian-us-gov-mod.com',
+ 'fedramp-prod': 'https://api.atlassian-us-gov-mod.com',
+ 'ic-stg': (_icOptions) => 'https://api.pear.oasis-stg.com',
+ 'ic-prod': ({ icLabel }) => `https://api.${icLabel}.atlassian-isolated.net`
+ },
+ ATLASSIAN_MEDIA_GATEWAY_HOST: {
+ dev: 'https://media.dev.atl-paas.net',
+ stg: 'https://media.staging.atl-paas.net',
+ prod: 'https://api.media.atlassian.com',
+ 'fedramp-stg': 'https://api-media.stg.atlassian-us-gov-mod.com',
+ 'fedramp-prod': 'https://api-media.atlassian-us-gov-mod.com',
+ 'ic-stg': (_icOptions) => 'https://media-api.pear.oasis-stg.com',
+ 'ic-prod': ({ icLabel }) => `https://media-api.${icLabel}.atlassian-isolated.net`
+ },
+ ATLASSIAN_AVATAR_HOST: {
+ dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
+ stg: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
+ prod: 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net',
+ 'fedramp-stg': 'avatar-management--avatars.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
+ 'fedramp-prod': 'avatar-management--avatars.us-east-1.prod.cdn.atlassian-us-gov-mod.com',
+ 'ic-stg': (_icOptions) => 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
+ 'ic-prod': ({ icLabel }) => 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net'
+ },
+ ATLASSIAN_TEAM_HEADER_HOST: {
+ dev: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
+ stg: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
+ prod: 'https://ptc-directory-sited-static.us-east-1.prod.public.atl-paas.net/gradients/',
+ 'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
+ 'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
+ 'ic-stg': (_icOptions) => 'https://teams-directory-frontend.services.pear.oasis-stg.com/bfa/',
+ 'ic-prod': ({ icLabel }) => `https://teams-directory-frontend.services.${icLabel}.atlassian-isolated.net/bfa/`
+ },
+ ATLASSIAN_TEAM_AVATAR_HOST: {
+ dev: 'https://teams-directory-frontend.stg-east.frontend.public.atl-paas.net/assets/',
+ stg: 'https://teams-directory-frontend.stg-east.frontend.public.atl-paas.net/assets/',
+ prod: 'https://teams-directory-frontend.prod-east.frontend.public.atl-paas.net/assets/',
+ 'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
+ 'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
+ 'ic-stg': (_icOptions) => 'https://teams-directory-frontend.services.pear.oasis-stg.com/bfa/',
+ 'ic-prod': ({ icLabel }) => `https://teams-directory-frontend.services.${icLabel}.atlassian-isolated.net/bfa/`
+ },
+ ATLASSIAN_EMOJIS_HOST: {
+ dev: 'https://pf-emoji-service--cdn.ap-southeast-2.dev.public.atl-paas.net',
+ stg: 'https://pf-emoji-service--cdn.us-east-1.staging.public.atl-paas.net',
+ prod: 'https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net',
+ 'fedramp-stg': 'https://pf-emoji-service--cdn.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
+ 'fedramp-prod': 'https://pf-emoji-service--cdn.us-east-1.prod.cdn.atlassian-us-gov-mod.com',
+ 'ic-stg': (_icOptions) => 'https://pf-emoji-service.pear.oasis-stg.com',
+ 'ic-prod': ({ icLabel }) => `https://pf-emoji-service.${icLabel}.atlassian-isolated.net`
+ }
};
-const ATLASSIAN_MEDIA_GATEWAY_HOST = {
- dev: 'https://media.dev.atl-paas.net',
- stg: 'https://media.staging.atl-paas.net',
- prod: 'https://api.media.atlassian.com',
- 'fedramp-stg': 'https://api-media.stg.atlassian-us-gov-mod.com',
- 'fedramp-prod': 'https://api-media.atlassian-us-gov-mod.com'
+const getAtlassianHost = (hostType, microsEnv, icOptions) => {
+ const hostMap = ATLASSIAN_HOST[hostType];
+ if (microsEnv === 'ic-prod' || microsEnv === 'ic-stg') {
+ if (!icOptions) {
+ throw new Error('Missing IC label');
+ }
+ return hostMap[microsEnv](icOptions);
+ }
+ return hostMap[microsEnv];
};
-const ATLASSIAN_AVATAR_HOST = {
- dev: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
- stg: 'avatar-management--avatars.us-west-2.staging.public.atl-paas.net',
- prod: 'avatar-management--avatars.us-west-2.prod.public.atl-paas.net',
- 'fedramp-stg': 'avatar-management--avatars.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
- 'fedramp-prod': 'avatar-management--avatars.us-east-1.prod.cdn.atlassian-us-gov-mod.com'
+const getAtlassianImageHost = (microsEnv, icOptions) => {
+ return [
+ `https://${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}`,
+ `https://*.wp.com/${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}/`,
+ getAtlassianHost('ATLASSIAN_API_GATEWAY_HOST', microsEnv, icOptions),
+ getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
+ getAtlassianHost('ATLASSIAN_EMOJIS_HOST', microsEnv, icOptions),
+ getAtlassianHost('ATLASSIAN_TEAM_AVATAR_HOST', microsEnv, icOptions),
+ getAtlassianHost('ATLASSIAN_TEAM_HEADER_HOST', microsEnv, icOptions)
+ ];
};
-const ATLASSIAN_TEAM_HEADER_HOST = {
- dev: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
- stg: 'https://ptc-directory-sited-static.us-east-1.staging.public.atl-paas.net/gradients/',
- prod: 'https://ptc-directory-sited-static.us-east-1.prod.public.atl-paas.net/gradients/',
- 'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
- 'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/'
-};
-const ATLASSIAN_TEAM_AVATAR_HOST = {
- dev: 'https://teams-directory-frontend.stg-east.frontend.public.atl-paas.net/assets/',
- stg: 'https://teams-directory-frontend.stg-east.frontend.public.atl-paas.net/assets/',
- prod: 'https://teams-directory-frontend.prod-east.frontend.public.atl-paas.net/assets/',
- 'fedramp-stg': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/',
- 'fedramp-prod': 'https://teams-directory-frontend.frontend.cdn.atlassian-us-gov-mod.com/assets/'
-};
-const ATLASSIAN_EMOJIS_HOST = {
- dev: 'https://pf-emoji-service--cdn.ap-southeast-2.dev.public.atl-paas.net',
- stg: 'https://pf-emoji-service--cdn.us-east-1.staging.public.atl-paas.net',
- prod: 'https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net',
- 'fedramp-stg': 'https://pf-emoji-service--cdn.us-east-1.staging.cdn.atlassian-us-gov-mod.com',
- 'fedramp-prod': 'https://pf-emoji-service--cdn.us-east-1.prod.cdn.atlassian-us-gov-mod.com'
-};
-exports.ATLASSIAN_IMAGES_HOSTS = {
- dev: [
- `https://${ATLASSIAN_AVATAR_HOST['dev']}`,
- `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['dev']}/`,
- ATLASSIAN_API_GATEWAY_HOST['dev'],
- ATLASSIAN_MEDIA_GATEWAY_HOST['dev'],
- ATLASSIAN_EMOJIS_HOST['dev'],
- ATLASSIAN_TEAM_AVATAR_HOST['dev'],
- ATLASSIAN_TEAM_HEADER_HOST['dev']
- ],
- stg: [
- `https://${ATLASSIAN_AVATAR_HOST['stg']}`,
- `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['stg']}/`,
- ATLASSIAN_API_GATEWAY_HOST['stg'],
- ATLASSIAN_MEDIA_GATEWAY_HOST['stg'],
- ATLASSIAN_EMOJIS_HOST['stg'],
- ATLASSIAN_TEAM_AVATAR_HOST['stg'],
- ATLASSIAN_TEAM_HEADER_HOST['stg']
- ],
- prod: [
- `https://${ATLASSIAN_AVATAR_HOST['prod']}`,
- `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['prod']}/`,
- ATLASSIAN_API_GATEWAY_HOST['prod'],
- ATLASSIAN_MEDIA_GATEWAY_HOST['prod'],
- ATLASSIAN_EMOJIS_HOST['prod'],
- ATLASSIAN_TEAM_AVATAR_HOST['prod'],
- ATLASSIAN_TEAM_HEADER_HOST['prod']
- ],
- 'fedramp-stg': [
- `https://${ATLASSIAN_AVATAR_HOST['fedramp-stg']}`,
- `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-stg']}/`,
- ATLASSIAN_API_GATEWAY_HOST['fedramp-stg'],
- ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-stg'],
- ATLASSIAN_EMOJIS_HOST['fedramp-stg'],
- ATLASSIAN_TEAM_AVATAR_HOST['fedramp-stg'],
- ATLASSIAN_TEAM_HEADER_HOST['fedramp-stg']
- ],
- 'fedramp-prod': [
- `https://${ATLASSIAN_AVATAR_HOST['fedramp-prod']}`,
- `https://*.wp.com/${ATLASSIAN_AVATAR_HOST['fedramp-prod']}/`,
- ATLASSIAN_API_GATEWAY_HOST['fedramp-prod'],
- ATLASSIAN_MEDIA_GATEWAY_HOST['fedramp-prod'],
- ATLASSIAN_EMOJIS_HOST['fedramp-prod'],
- ATLASSIAN_TEAM_AVATAR_HOST['fedramp-prod'],
- ATLASSIAN_TEAM_HEADER_HOST['fedramp-prod']
- ]
-};
+exports.getAtlassianImageHost = getAtlassianImageHost;
exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
class CSPInjectionService {
- getCSPReportUri(microsEnv) {
+ isIsolatedContext(microsEnv, icOptions) {
+ return microsEnv.startsWith('ic') && !!icOptions;
+ }
+ getCSPReportUri(microsEnv, icOptions) {
+ const serviceName = this.isIsolatedContext(microsEnv, icOptions) ? icOptions.serviceName : 'forge-cdn';
if (microsEnv === 'dev' || microsEnv === 'stg')
- return 'https://web-security-reports.stg.services.atlassian.com/csp-report/forge-cdn';
- return 'https://web-security-reports.services.atlassian.com/csp-report/forge-cdn';
+ return `https://web-security-reports.stg.services.atlassian.com/csp-report/${serviceName}`;
+ return `https://web-security-reports.services.atlassian.com/csp-report/${serviceName}`;
}
- getForgeGlobalCSP(microsEnv, isFedRAMP = false) {
+ getForgeGlobalCSP(microsEnv, isFedRAMP = false, icOptions) {
+ if (this.isIsolatedContext(microsEnv, icOptions)) {
+ return microsEnv === 'ic-stg'
+ ? 'https://forge.forge-cdn.pear.oasis-stg.com'
+ : `https://forge.forge-cdn.${icOptions.icLabel}.atlassian-isolated.net`;
+ }
return isFedRAMP
? `https://forge.cdn.${microsEnv.split('-')[1]}.atlassian-dev-us-gov-mod.net`
: `https://forge.cdn.${microsEnv}.atlassian-dev.net`;
}
+ getMetalClientCSP(microsEnv, icOptions) {
+ if (this.isIsolatedContext(microsEnv, icOptions)) {
+ return microsEnv === 'ic-stg'
+ ? 'https://api.pear.oasis-stg/metal/ingest'
+ : `https://api.${icOptions.icLabel}.atlassian-isolated.net/metal/ingest`;
+ }
+ return `https://api.${microsEnv === 'prod' ? '' : 'stg.'}atlassian.com/metal/ingest`;
+ }
getExistingCSPDetails(cspType, cspDetails) {
return cspDetails[cspType] ?? [];
}
- getConnectSrc(microsEnv, isTunnelling) {
+ getConnectSrc(microsEnv, isTunnelling, icOptions) {
const allowed = [];
if (isTunnelling) {
allowed.push(...['ws://localhost:*', 'http://localhost:*']);
}
- allowed.push(`https://api.${microsEnv === 'prod' ? '' : 'stg.'}atlassian.com/metal/ingest`);
- allowed.push(`${ATLASSIAN_API_GATEWAY_HOST[microsEnv]}/gateway/api/emoji/`);
- allowed.push(ATLASSIAN_MEDIA_GATEWAY_HOST[microsEnv]);
+ const metalClientCSP = this.getMetalClientCSP(microsEnv, icOptions);
+ allowed.push(metalClientCSP);
+ allowed.push(`${getAtlassianHost('ATLASSIAN_API_GATEWAY_HOST', microsEnv, icOptions)}/gateway/api/emoji/`);
+ allowed.push(getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions));
return allowed;
}
getFrameAncestors(microsEnv, hostname) {
let frameAncestors = [];
- if (microsEnv === 'dev' || microsEnv === 'stg') {
- frameAncestors = [
- '*.jira-dev.com',
- 'http://localhost:*',
- 'http://devbucket.localhost',
- 'https://integration.bb-inf.net',
- '*.atl-paas.net',
- '*.stg.atlassian.com'
- ];
+ switch (microsEnv) {
+ case 'dev':
+ case 'stg':
+ frameAncestors = [
+ '*.jira-dev.com',
+ 'http://localhost:*',
+ 'http://devbucket.localhost',
+ 'https://integration.bb-inf.net',
+ '*.atl-paas.net',
+ '*.stg.atlassian.com'
+ ];
+ break;
+ case 'fedramp-stg':
+ frameAncestors = ['*.atlassian-stg-fedm.net'];
+ break;
+ case 'fedramp-prod':
+ frameAncestors = ['*.atlassian-us-gov-mod.net'];
+ break;
+ case 'ic-stg':
+ frameAncestors = ['*.oasis-stg.com'];
+ break;
+ case 'ic-prod':
+ frameAncestors = ['*.atlassian-isolated.net'];
+ break;
+ case 'prod':
+ default:
+ frameAncestors = [
+ '*.atlassian.net',
+ 'bitbucket.org',
+ '*.jira.com',
+ '*.atlassian.com',
+ '*.frontend.public.atl-paas.net'
+ ];
+ break;
}
- else if (microsEnv === 'fedramp-stg') {
- frameAncestors = ['*.atlassian-stg-fedm.net'];
- }
- else if (microsEnv === 'fedramp-prod') {
- frameAncestors = ['*.atlassian-us-gov-mod.net'];
- }
- else {
- frameAncestors = [
- '*.atlassian.net',
- 'bitbucket.org',
- '*.jira.com',
- '*.atlassian.com',
- '*.frontend.public.atl-paas.net'
- ];
- }
if (hostname) {
frameAncestors.push(hostname);
}
return frameAncestors;
}
- getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP }) => {
- const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv);
+ getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }) => {
+ const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
const defaultSrc = `'self'`;
const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname)].join(' ');
const frameSrc = ["'self'", hostname, ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)]
.filter((a) => a)
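Review bot: The ic-stg branch of getMetalClientCSP returns `'https://api.pear.oasis-stg/metal/ingest'`, which appears to be missing the `.com` that every other ic-stg entry in this hunk carries (`https://api.pear.oasis-stg.com`). As written, the connect-src entry would not match the gateway host, so ingest requests from ic-stg would presumably be blocked by the policy; the line should read `? 'https://api.pear.oasis-stg.com/metal/ingest'`. For the IC environments, building the value from `getAtlassianHost('ATLASSIAN_API_GATEWAY_HOST', microsEnv, icOptions)` plus `/metal/ingest` would keep the two from drifting apart. Separately, isIsolatedContext returns false when icOptions is missing while getAtlassianHost throws, so a direct call to getForgeGlobalCSP or getMetalClientCSP with an `ic-*` environment falls back to non-isolated hosts instead of failing; a comment on isIsolatedContext saying which behaviour is intended would help.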
@@ -161,9 +178,9 @@
'data:',
'blob:',
hostname,
...exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
- ...exports.ATLASSIAN_IMAGES_HOSTS[microsEnv],
+ ...(0, exports.getAtlassianImageHost)(microsEnv, icOptions),
...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
]
.filter((a) => a)
.join(' ');
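Review bot: An unrecognised `microsEnv` no longer fails at this spread. The old `...exports.ATLASSIAN_IMAGES_HOSTS[microsEnv]` threw on `undefined`, whereas getAtlassianImageHost builds the strings `https://undefined` and `https://*.wp.com/undefined/`, which pass the `.filter((a) => a)` below and end up in img-src. Having getAtlassianHost reject an unknown key before the lookup, e.g. `if (!Object.hasOwn(hostMap, microsEnv)) throw new Error('Unknown environment');`, would stop a bad environment name from silently producing a malformed policy. The enclosing array and getInjectableCSP start outside this hunk.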
@@ -171,26 +188,26 @@
"'self'",
'data:',
'blob:',
hostname,
- ATLASSIAN_MEDIA_GATEWAY_HOST[microsEnv],
+ getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails)
]
.filter((a) => a)
.join(' ');
const connectSrc = [
"'self'",
- ...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri),
+ ...this.getConnectSrc(microsEnv, !!tunnelCSPReporterUri, icOptions),
...this.getExistingCSPDetails(types_1.ExternalCspType.CONNECT_SRC, existingCSPDetails)
].join(' ');
const scriptSrc = [
"'self'",
- this.getForgeGlobalCSP(microsEnv, isFedRAMP),
+ this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
].join(' ');
const styleSrc = [
"'self'",
- this.getForgeGlobalCSP(microsEnv, isFedRAMP),
+ this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)
].join(' ');
return [
`default-src ${defaultSrc}`,
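Review bot: `icOptions` is threaded into media-src, connect-src, script-src and style-src here without any check on its fields, and the helpers it is handed to interpolate `icOptions.icLabel` directly into host names (for example `https://forge.forge-cdn.${icOptions.icLabel}.atlassian-isolated.net`). Because each directive is assembled by joining on spaces, a label containing whitespace, `;` or `/` would add extra sources or directives rather than fail, and a missing label yields a host containing `undefined`. Where icOptions comes from is not visible in this diff; unless it is strictly trusted deployment configuration, validate it once at the top of getInjectableCSP (which starts outside this hunk), e.g. `if (icOptions && !/^[a-z0-9-]+$/.test(icOptions.icLabel)) throw new Error('Invalid IC label');`. The same check applies to `icOptions.serviceName`, which getCSPReportUri places in the report URI path.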