@forge/csp
5.7.0-experimental-a6c65195.8.0-next.0
out/csp/csp-injection-service.js~
out/csp/csp-injection-service.jsModified+6−3
Index: package/out/csp/csp-injection-service.js
===================================================================
--- package/out/csp/csp-injection-service.js
+++ package/out/csp/csp-injection-service.js
@@ -145,15 +145,15 @@
exports.getAtlassianImageHost = getAtlassianImageHost;
exports.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS = ['https://secure.gravatar.com', 'https://images.unsplash.com'];
class CSPInjectionService {
constructor() {
- this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost }) => {
+ this.getInjectableCSP = ({ existingCSPDetails, microsEnv, tunnelCSPReporterUri, hostname, isFedRAMP, icOptions, macroParentHost, connectMacroParentDomain }) => {
const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(microsEnv, icOptions);
const fosCDNUrls = getFOSCDNUrls(microsEnv, icOptions);
const defaultSrc = ["'self'", ...getFOSHostDownload(microsEnv, icOptions), ...fosCDNUrls].join(' ');
const frameAncestors = [
"'self'",
- ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost),
+ ...this.getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost, connectMacroParentDomain),
...getFOSHostDownload(microsEnv, icOptions),
...fosCDNUrls
].join(' ');
const frameSrc = [
@@ -280,9 +280,9 @@
allowed.push(...getFOSHostUpload(microsEnv, icOptions));
allowed.push(...getFOSCDNUrls(microsEnv, icOptions));
return allowed;
}
- getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost) {
+ getFrameAncestors(microsEnv, hostname, icOptions, macroParentHost, connectMacroParentDomain) {
let frameAncestors = [];
const localhostWithPortRegex = /^localhost:\d+$/;
switch (microsEnv) {
case 'dev':
@@ -329,8 +329,11 @@
}
}
break;
}
+ if (connectMacroParentDomain) {
+ frameAncestors.push(connectMacroParentDomain);
+ }
if (hostname) {
frameAncestors.push(hostname);
}
return frameAncestors;