npm package diff

Package: @forge/tunnel

Versions: 5.10.2-next.2 - 5.10.2-next.3

File: package/out/servers/resource-tunnel-server.js

Index: package/out/servers/resource-tunnel-server.js
===================================================================
--- package/out/servers/resource-tunnel-server.js
+++ package/out/servers/resource-tunnel-server.js
@@ -33,13 +33,14 @@
         if (reqUrl !== '/' && reqUrl !== '/index.html')
             return;
         this.logger.info(cli_shared_1.LogColor.trace(textDecorator('index.html')));
     }
-    getCspHeader = (existingCsp) => new csp_1.CSPInjectionService()
+    getCspHeader = (existingCsp, hostname) => new csp_1.CSPInjectionService()
         .getInjectableCSP({
         existingCSPDetails: existingCsp,
         microsEnv: (0, cli_shared_1.getEnvironmentConfig)(cli_shared_1.CDNEnvironments),
-        tunnelCSPReporterUri: `http://localhost:${this.cspReporterServerPort}`
+        tunnelCSPReporterUri: `http://localhost:${this.cspReporterServerPort}`,
+        hostname
     })
         .join('; ');
     injectGlobalBridgeScript = (htmlContent) => new cli_shared_1.BridgeScriptService().injectBridgeCore(htmlContent, () => {
         throw new Error('Malformed HTML document');
@@ -48,15 +49,16 @@
         throw new Error('Malformed HTML document');
     });
     getCustomUIHtmlTransformMiddleware = (permissions, remotes) => (0, express_intercept_1.responseHandler)()
         .if((res) => /html/i.test(res.get('content-type')))
-        .replaceBuffer((body, _, res) => {
-        if (!res)
+        .replaceBuffer((body, req, res) => {
+        if (!res || !req)
             return body;
         const htmlContentWithIframeResizerScript = this.injectIframeResizerScript(body);
         const htmlContentWithBridgeScript = this.injectGlobalBridgeScript(htmlContentWithIframeResizerScript);
         const cspDetails = new csp_1.CSPProcessingService({ info: () => { } }).getCspDetails(htmlContentWithBridgeScript, ResourceTunnelServer.transformPermissionsWithRemotes(permissions, remotes));
-        res.setHeader('Content-Security-Policy', this.getCspHeader(cspDetails));
+        const hostname = req.query.hostname;
+        res.setHeader('Content-Security-Policy', this.getCspHeader(cspDetails, hostname));
         return htmlContentWithBridgeScript;
     });
     getI18nResourcesMiddleware = (i18nConfig) => {
         const i18nResourcesPathRegex = /^\/__LOCALES__\/(.+)\.json$/i;
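Review bot: `req.query.hostname` is read straight from the query string and handed to `getCspHeader` (first hunk) with no type or format check, so a client-chosen value ends up in the `Content-Security-Policy` response header. Express may parse a query parameter as an array or object rather than a string. Because the directives are joined with `'; '`, a value containing `;` or whitespace could add or widen directives unless `getInjectableCSP` validates it, which is not visible in this diff. I would constrain it before use, e.g. `const hostname = typeof req.query.hostname === 'string' && /^[a-z0-9.-]+$/i.test(req.query.hostname) ? req.query.hostname : undefined;` (adjust the pattern if a port is expected), and ideally compare it with the hosts the tunnel actually serves. This file is compiled output, so the change belongs in the TypeScript source.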