npm package diff
Package: @forge/csp
Versions: 5.2.0-next.4 - 5.2.0-next.5
File: package/out/csp/csp-injection-service.js
Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -118,11 +118,20 @@
class CSPInjectionService {
constructor() {
this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions }) => {
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
- const defaultSrc = `'self'`;
- const frameAncestors = ["'self'", ...this.getFrameAncestors(microsEnv, hostname, icOptions)].join(' ');
- const frameSrc = ["'self'", hostname, ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)]
+ const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
+ const frameAncestors = [
+ "'self'",
+ ...this.getFrameAncestors(microsEnv, hostname, icOptions),
+ ...getFOSHostDownload(microsEnv, icOptions)
+ ].join(' ');
+ const frameSrc = [
+ "'self'",
+ hostname,
+ ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails),
+ ...getFOSHostDownload(microsEnv, icOptions)
+ ]
.filter((a) => a)
.join(' ');
const fontSrc = [
"'self'",
@@ -145,9 +154,10 @@
'data:',
'blob:',
hostname,
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
- ...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails)
+ ...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails),
+ ...getFOSHostDownload(microsEnv, icOptions)
]
.filter((a) => a)
.join(' ');
const connectSrc = [