@forge/csp
5.6.1-experimental-5b726e65.7.0-next.0
~
Modified (4 files)
Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -100,8 +100,21 @@
return hostMap[microsEnv](icOptions);
}
return hostMap[microsEnv];
};
+const FOS_CDN_STANDARD_HOST = {
+ dev: 'https://object-store.stg.atlassian.com',
+ stg: 'https://object-store.stg.atlassian.com',
+ prod: 'https://object-store.atlassian.com'
+};
+const FOS_CDN_IC_HOST = makeICHosts((env, icOptions) => `https://object-store.${getICDomain(env, icOptions)}`);
+const FOS_CDN_PATH = '/os/ecosystem/installation/';
+const getFOSCDNHost = (microsEnv, icOptions) => {
+ if (isICEnvKey(microsEnv)) {
+ return icOptions ? FOS_CDN_IC_HOST[microsEnv](icOptions) : undefined;
+ }
+ return FOS_CDN_STANDARD_HOST[microsEnv];
+};
const getFOSHostDownload = (microsEnv, icOptions) => {
const fosHost = getAtlassianHost('ATLASSIAN_FOS_HOST', microsEnv, icOptions);
return isICEnvKey(microsEnv)
? [`${fosHost}/fos/app/download/`, `${fosHost}/fos/cdn/download/`]
@@ -112,8 +125,12 @@
return isICEnvKey(microsEnv)
? [`${fosHost}/fos/app/upload/`, `${fosHost}/fos/cdn/upload/`]
: [`${fosHost}/fos-eap/upload/`, `${fosHost}/fos/app/upload/`, `${fosHost}/fos/cdn/upload/`];
};
+const getFOSCDNUrls = (microsEnv, icOptions) => {
+ const fosCDNHost = getFOSCDNHost(microsEnv, icOptions);
+ return fosCDNHost ? [`${fosCDNHost}${FOS_CDN_PATH}`] : [];
+};
const getAtlassianImageHost = (microsEnv, icOptions) => {
return [
`https://${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}`,
`https://*.wp.com/${getAtlassianHost('ATLASSIAN_AVATAR_HOST', microsEnv, icOptions)}/`,
@@ -130,26 +147,30 @@
class CSPInjectionService {
constructor() {
this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }) => {
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
- const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions)].join(' ');
+ const fosCDNUrls = getFOSCDNUrls(microsEnv, icOptions);
+ const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions), ...fosCDNUrls].join(' ');
const frameAncestors = [
"'self'",
...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost),
- ...getFOSHostDownload(microsEnv, icOptions)
+ ...getFOSHostDownload(microsEnv, icOptions),
+ ...fosCDNUrls
].join(' ');
const frameSrc = [
"'self'",
hostname,
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails),
- ...getFOSHostDownload(microsEnv, icOptions)
+ ...getFOSHostDownload(microsEnv, icOptions),
+ ...fosCDNUrls
]
.filter((a) => a)
.join(' ');
const fontSrc = [
"'self'",
...getFOSHostDownload(microsEnv, icOptions),
+ ...fosCDNUrls,
...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)
].join(' ');
const imgSrc = [
"'self'",
@@ -157,8 +178,9 @@
'blob:',
hostname,
...exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS,
...(0, exports.getAtlassianImageHost)(microsEnv, icOptions),
+ ...fosCDNUrls,
...this.getExistingCSPDetails(types_1.ExternalCspType.IMG_SRC, existingCSPDetails)
]
.filter((a) => a)
.join(' ');
@@ -168,9 +190,10 @@
'blob:',
hostname,
getAtlassianHost('ATLASSIAN_MEDIA_GATEWAY_HOST', microsEnv, icOptions),
...this.getExistingCSPDetails(types_1.ExternalCspType.MEDIA_SRC, existingCSPDetails),
- ...getFOSHostDownload(microsEnv, icOptions)
+ ...getFOSHostDownload(microsEnv, icOptions),
+ ...fosCDNUrls
]
.filter((a) => a)
.join(' ');
const connectSrc = [
@@ -185,15 +208,17 @@
const scriptSrc = [
"'self'",
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
...getFOSHostDownload(microsEnv, icOptions),
+ ...fosCDNUrls,
...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
].join(' ');
const styleSrc = [
"'self'",
hostname,
this.getForgeGlobalCSP(microsEnv, isFedRAMP, icOptions),
...getFOSHostDownload(microsEnv, icOptions),
+ ...fosCDNUrls,
...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)
]
.filter((a) => a)
.join(' ');
@@ -252,8 +277,9 @@
allowed.push(fopGeHost);
}
allowed.push(...getFOSHostDownload(microsEnv, icOptions));
allowed.push(...getFOSHostUpload(microsEnv, icOptions));
+ allowed.push(...getFOSCDNUrls(microsEnv, icOptions));
return allowed;
}
getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost) {
let frameAncestors = [];Index: package/package.json
===================================================================
--- package/package.json
+++ package/package.json
@@ -1,7 +1,7 @@
{
"name": "@forge/csp",
- "version": "5.6.1-experimental-5b726e6",
+ "version": "5.7.0-next.0",
"description": "Contains the CSP configuration for Custom UI resources in Forge",
"main": "out/index.js",
"author": "Atlassian",
"license": "SEE LICENSE IN LICENSE.txt",
@@ -10,10 +10,10 @@
"compile": "tsc -b -v",
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
},
"devDependencies": {
- "@forge/cli-shared": "8.19.1-next.0-experimental-5b726e6",
- "@forge/manifest": "12.6.0-next.0-experimental-5b726e6",
+ "@forge/cli-shared": "8.20.0-next.4",
+ "@forge/manifest": "12.6.0-next.2",
"@types/jest": "^29.5.14",
"@types/node": "20.19.1",
"cheerio": "^1.1.0"
},Index: package/out/csp/csp-injection-service.d.ts.map
===================================================================
--- package/out/csp/csp-injection-service.d.ts.map
+++ package/out/csp/csp-injection-service.d.ts.map
@@ -1,1 +1,1 @@
-{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAsJ1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAkCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAwFV;CACH"}
\ No newline at end of file
+{"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAEvD,aAAK,iBAAiB,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAIF,aAAK,oBAAoB,GAAG;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,MAAM,CAAC;CAC3B,CAAC;AAEF,aAAK,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AA8K1D,eAAO,MAAM,qBAAqB,cAAe,iBAAiB,cAAc,SAAS,KAAG,MAAM,EAWjG,CAAC;AAMF,eAAO,MAAM,kCAAkC,UAAiE,CAAC;AAEjH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,aAAa;IAmCrB,OAAO,CAAC,iBAAiB;IAkElB,gBAAgB;4BASD,UAAU;mBACnB,iBAAiB;;;;;;UAM1B,MAAM,EAAE,CAgGV;CACH"}
\ No newline at end of fileIndex: package/CHANGELOG.md
===================================================================
--- package/CHANGELOG.md
+++ package/CHANGELOG.md
@@ -1,6 +1,12 @@
# @forge/csp
+## 5.7.0-next.0
+
+### Minor Changes
+
+- 4af6ca2: Added new Forge Object Store CDN URLs
+
## 5.6.1
### Patch Changes