Skip to content

Commit 0be0546

Browse files
Feature/DF-680 location maps auth (#1070)
* Add ordnanceSurveyApiSecret configuration * Remove https://api.os.uk from CSP * Update forms-engine-plugin to v4.0.43
1 parent 49aea6d commit 0be0546

File tree

6 files changed

+29
-26
lines changed

6 files changed

+29
-26
lines changed

package-lock.json

Lines changed: 16 additions & 16 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@
4141
"license": "SEE LICENSE IN LICENSE",
4242
"dependencies": {
4343
"@aws-sdk/client-sns": "^3.972.0",
44-
"@defra/forms-engine-plugin": "^4.0.42",
44+
"@defra/forms-engine-plugin": "^4.0.43",
4545
"@defra/forms-model": "^3.0.601",
4646
"@defra/hapi-tracing": "^1.30.0",
4747
"@elastic/ecs-pino-format": "^1.5.0",

src/config/index.ts

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -308,6 +308,14 @@ export const config = convict({
308308
env: 'ORDNANCE_SURVEY_API_KEY'
309309
} as SchemaObj<string | undefined>,
310310

311+
ordnanceSurveyApiSecret: {
312+
doc: 'The ordnance survey api secret used by the maps plugin',
313+
format: String,
314+
nullable: true,
315+
default: undefined,
316+
env: 'ORDNANCE_SURVEY_API_SECRET'
317+
} as SchemaObj<string | undefined>,
318+
311319
useMapsFeature: {
312320
doc: 'Feature flag to control maps',
313321
format: Boolean,

src/server/index.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,8 @@ export const configureEnginePlugin = async ({
185185
SummaryPageWithConfirmationEmailController,
186186
FeedbackPageController
187187
},
188-
ordnanceSurveyApiKey: config.get('ordnanceSurveyApiKey')
188+
ordnanceSurveyApiKey: config.get('ordnanceSurveyApiKey'),
189+
ordnanceSurveyApiSecret: config.get('ordnanceSurveyApiSecret')
189190
}
190191
}
191192
const routeOptions = {

src/server/plugins/blankie.test.ts

Lines changed: 2 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -11,11 +11,7 @@ describe('Server Blankie Plugin', () => {
1111
defaultSrc: ['self'],
1212
fontSrc: ['self', 'data:'],
1313
frameSrc: ['self', 'data:'],
14-
connectSrc: [
15-
'self',
16-
'https://api.os.uk',
17-
'https://test-uploader.cdp-int.defra.cloud'
18-
],
14+
connectSrc: ['self', 'https://test-uploader.cdp-int.defra.cloud'],
1915
scriptSrc: ['self', 'strict-dynamic', 'unsafe-inline'],
2016
styleSrc: ['self', 'unsafe-inline'],
2117
imgSrc: ['self', 'data:'],
@@ -35,7 +31,6 @@ describe('Server Blankie Plugin', () => {
3531
frameSrc: ['self', 'data:'],
3632
connectSrc: [
3733
'self',
38-
'https://api.os.uk',
3934
'https://*.google-analytics.com',
4035
'https://*.analytics.google.com',
4136
'https://*.googletagmanager.com',
@@ -76,6 +71,6 @@ describe('Server Blankie Plugin', () => {
7671

7772
const { options } = configureBlankiePlugin()
7873

79-
expect(options?.connectSrc).toEqual(['self', 'https://api.os.uk'])
74+
expect(options?.connectSrc).toEqual(['self'])
8075
})
8176
})

src/server/plugins/blankie.ts

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,6 @@ export const configureBlankiePlugin = (): ServerRegisterPluginObject<
2929
fontSrc: ['self', 'data:'],
3030
connectSrc: [
3131
['self'],
32-
['https://api.os.uk'],
3332
gaTrackingId ? googleAnalyticsOptions.connectSrc : [],
3433
uploaderUrl ? [uploaderUrl] : []
3534
].flat(),

0 commit comments

Comments
 (0)