npm package diff

Package: @forge/csp

Versions: 5.2.0-next.4 - 5.2.0-next.5

Modified: package/out/csp/csp-injection-service.js

Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -118,11 +118,20 @@
 class CSPInjectionService {
     constructor() {
         this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }) => {
             const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
-            const defaultSrc = `'self'`;
-            const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname, icOptions)].join(' ');
-            const frameSrc = ["'self'", hostname, ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)]
+            const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
+            const frameAncestors = [
+                "'self'",
+                ...this.getFrameAncestors(microsEnv, hostname, icOptions),
+                ...getFOSHostDownload(microsEnv, icOptions)
+            ].join(' ');
+            const frameSrc = [
+                "'self'",
+                hostname,
+                ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails),
+                ...getFOSHostDownload(microsEnv, icOptions)
+            ]
                 .filter((a) => a)
                 .join(' ');
             const fontSrc = [
                 "'self'",
@@ -145,9 +154,10 @@
                 'data:',
                 'blob:',
                 hostname,
                 getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
-                ...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails)
+                ...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails),
+                ...getFOSHostDownload(microsEnv, icOptions)
             ]
                 .filter((a) => a)
                 .join(' ');
             const connectSrc = [

Modified: package/package.json

Index: package/package.json
===================================================================
--- package/package.json
+++ package/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@forge/csp",
-  "version": "5.2.0-next.4",
+  "version": "5.2.0-next.5",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
   "main": "out/index.js",
   "author": "Atlassian",
   "license": "SEE LICENSE IN LICENSE.txt",
@@ -10,10 +10,10 @@
     "compile": "tsc -b -v",
     "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
   },
   "devDependencies": {
-    "@forge/cli-shared": "8.8.1-next.3",
-    "@forge/manifest": "10.8.0-next.3",
+    "@forge/cli-shared": "8.8.1-next.5",
+    "@forge/manifest": "10.8.0-next.5",
     "@types/jest": "^29.5.14",
     "@types/node": "20.19.1",
     "cheerio": "^1.1.0"
   },

Modified: package/out/csp/csp-injection-service.d.ts.map

Index: package/out/csp/csp-injection-service.d.ts.map
===================================================================
--- package/out/csp/csp-injection-service.d.ts.map
+++ package/out/csp/csp-injection-service.d.ts.map
@@ -1,1 +1,1 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAoI1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA8BrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAwEV;CACH"}
\ No newline at end of file
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAoI1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IA8BrB,OAAO,CAAC,iBAAiB;IAiDlB,gBAAgB;4BAQD,UAAU;mBACnB,iBAAiB;;;;;UAK1B,MAAM,EAAE,CAkFV;CACH"}
\ No newline at end of file

Modified: package/CHANGELOG.md

Index: package/CHANGELOG.md
===================================================================
--- package/CHANGELOG.md
+++ package/CHANGELOG.md
@@ -1,6 +1,12 @@
 # @forge/csp
 
+## 5.2.0-next.5
+
+### Patch Changes
+
+- 15a3a17: Add FOS download paths to frame-src, frame-ancestors and media-src
+
 ## 5.2.0-next.4
 
 ### Patch Changes