@forge/csp

5.5.0-next.05.5.0-next.1
~

Modified (5 files)

out/csp/csp-injection-service.js View → 
Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -128,14 +128,14 @@
 exports.getAtlassianImageHost = getAtlassianImageHost;
 exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
 class CSPInjectionService {
     constructor() {
-        this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHostDomain }) => {
+        this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }) => {
             const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
             const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
             const frameAncestors = [
                 "'self'",
-                ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHostDomain),
+                ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost),
                 ...getFOSHostDownload(microsEnv, icOptions)
             ].join(' ');
             const frameSrc = [
                 "'self'",
@@ -251,10 +251,11 @@
         allowed.push(...getFOSHostDownload(microsEnv, icOptions));
         allowed.push(...getFOSHostUpload(microsEnv, icOptions));
         return allowed;
     }
-    getFrameAncestors(microsEnv, hostname, icOptions, macroParentHostDomain) {
+    getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost) {
         let frameAncestors = [];
+        const localhostWithPortRegex = /^localhost:\d+$/;
         switch (microsEnv) {
             case 'dev':
             case 'stg':
                 frameAncestors = [
@@ -264,10 +265,10 @@
                     'https://integration.bb-inf.net',
                     '*.atl-paas.net',
                     '*.stg.atlassian.com'
                 ];
-                if (macroParentHostDomain) {
-                    frameAncestors.push(`${macroParentHostDomain}.cdn.stg.atlassian-dev.net`);
+                if (macroParentHost && !localhostWithPortRegex.test(macroParentHost)) {
+                    frameAncestors.push(`${macroParentHost}.cdn.stg.atlassian-dev.net`);
                 }
                 break;
             case 'fedramp-stg':
                 frameAncestors = ['*.atlassian-stg-fedm.net'];
@@ -289,10 +290,15 @@
                     '*.jira.com',
                     '*.atlassian.com',
                     '*.frontend.public.atl-paas.net'
                 ];
-                if (macroParentHostDomain) {
-                    frameAncestors.push(`${macroParentHostDomain}.cdn.prod.atlassian-dev.net`);
+                if (macroParentHost) {
+                    if (localhostWithPortRegex.test(macroParentHost)) {
+                        frameAncestors.push(macroParentHost);
+                    }
+                    else {
+                        frameAncestors.push(`${macroParentHost}.cdn.prod.atlassian-dev.net`);
+                    }
                 }
                 break;
         }
         if (hostname) {
package.json View → 
Index: package/package.json
===================================================================
--- package/package.json
+++ package/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@forge/csp",
-  "version": "5.5.0-next.0",
+  "version": "5.5.0-next.1",
   "description": "Contains the CSP configuration for Custom UI resources in Forge",
   "main": "out/index.js",
   "author": "Atlassian",
   "license": "SEE LICENSE IN LICENSE.txt",
@@ -10,10 +10,10 @@
     "compile": "tsc -b -v",
     "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
   },
   "devDependencies": {
-    "@forge/cli-shared": "8.11.0-next.3",
-    "@forge/manifest": "11.1.1-next.1",
+    "@forge/cli-shared": "8.11.0-next.4",
+    "@forge/manifest": "11.2.0-next.2",
     "@types/jest": "^29.5.14",
     "@types/node": "20.19.1",
     "cheerio": "^1.1.0"
   },
out/csp/csp-injection-service.d.ts.map View → 
Index: package/out/csp/csp-injection-service.d.ts.map
===================================================================
--- package/out/csp/csp-injection-service.d.ts.map
+++ package/out/csp/csp-injection-service.d.ts.map
@@ -1,1 +1,1 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IA4DlB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}
\ No newline at end of file
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAoFV;CACH"}
\ No newline at end of file
CHANGELOG.md View → 
Index: package/CHANGELOG.md
===================================================================
--- package/CHANGELOG.md
+++ package/CHANGELOG.md
@@ -1,6 +1,12 @@
 # @forge/csp
 
+## 5.5.0-next.1
+
+### Patch Changes
+
+- ddc6274: Add localhost to frameAncestors in prod when passed in appContext
+
 ## 5.5.0-next.0
 
 ### Minor Changes
out/csp/csp-injection-service.d.ts View → 
Index: package/out/csp/csp-injection-service.d.ts
===================================================================
--- package/out/csp/csp-injection-service.d.ts
+++ package/out/csp/csp-injection-service.d.ts
@@ -17,16 +17,16 @@
     private getMetalClientCSP;
     private getExistingCSPDetails;
     private getConnectSrc;
     private getFrameAncestors;
-    getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHostDomain }: {
+    getInjectableCSP: ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }: {
         existingCSPDetails: CSPDetails;
         microsEnv: LambdaEnvironment;
         tunnelCSPReporterUri?: string | undefined;
         hostname?: string | undefined;
         isFedRAMP?: boolean | undefined;
         icOptions?: IcOptions | undefined;
-        macroParentHostDomain?: string | undefined;
+        macroParentHost?: string | undefined;
     }) => string[];
 }
 export {};
 //# sourceMappingURL=csp-injection-service.d.ts.map
\ No newline at end of file