fix(csp): fixed csp policy to allow for google drive picker, s3, atlassian

Author: waleedlatif1

sim/app/w/[id]/components/workflow-block/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx

@@ -72,6 +72,7 @@ const SCOPE_DESCRIPTIONS: Record<string, string> = {
   'read:jira-user': 'Read your Jira user',
   'read:jira-work': 'Read your Jira work',
   'write:jira-work': 'Write to your Jira work',
+  'read:issue-event:jira': 'Read your Jira issue events',
   'write:issue:jira': 'Write to your Jira issues',
   'read:project:jira': 'Read your Jira projects',
   'read:issue-type:jira': 'Read your Jira issue types',

sim/lib/oauth.ts

@@ -408,6 +408,11 @@ export async function refreshOAuthToken(
         clientId = process.env.CONFLUENCE_CLIENT_ID
         clientSecret = process.env.CONFLUENCE_CLIENT_SECRET
         break
+      case 'jira':
+        tokenEndpoint = 'https://auth.atlassian.com/oauth/token'
+        clientId = process.env.JIRA_CLIENT_ID
+        clientSecret = process.env.JIRA_CLIENT_SECRET
+        break
       case 'airtable':
         tokenEndpoint = 'https://airtable.com/oauth2/v1/token'
         clientId = process.env.AIRTABLE_CLIENT_ID

sim/next.config.ts

@@ -84,7 +84,7 @@ const nextConfig: NextConfig = {
                },
                {
                  key: 'Content-Security-Policy',
-                 value: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' http://localhost:11434 http://host.docker.internal:11434; frame-ancestors 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none'",
+                 value: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://apis.google.com https://*.vercel-insights.com https://vercel.live https://*.vercel.live; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://*.googleusercontent.com https://*.google.com https://*.atlassian.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' http://localhost:11434 http://host.docker.internal:11434 https://*.googleapis.com https://*.amazonaws.com https://*.s3.amazonaws.com https://s3.*.amazonaws.com https://*.vercel-insights.com https://*.atlassian.com https://vercel.live https://*.vercel.live; frame-src https://drive.google.com https://*.google.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none'",
                },
              ],
            },