diff --git a/package-lock.json b/package-lock.json index fbd3f05bb..b3bccb9c7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "license": "SEE LICENSE IN LICENSE", "dependencies": { "@aws-sdk/client-sns": "^3.972.0", - "@defra/forms-engine-plugin": "^4.0.42", + "@defra/forms-engine-plugin": "^4.0.43", "@defra/forms-model": "^3.0.601", "@defra/hapi-tracing": "^1.30.0", "@elastic/ecs-pino-format": "^1.5.0", @@ -3046,9 +3046,9 @@ } }, "node_modules/@defra/forms-engine-plugin": { - "version": "4.0.42", - "resolved": "https://registry.npmjs.org/@defra/forms-engine-plugin/-/forms-engine-plugin-4.0.42.tgz", - "integrity": "sha512-yP7wFCSEywt7NWqiR/cntAw0VN3aytUanvVyk1r4/PDrpfW0vK9oaZyQ8q1eNDeUwxZbNVeU2z/1lrfQlq5WXQ==", + "version": "4.0.43", + "resolved": "https://registry.npmjs.org/@defra/forms-engine-plugin/-/forms-engine-plugin-4.0.43.tgz", + "integrity": "sha512-n0fpCfC2AhHVaPNwqe2EJ0/naxQcE3tVRzr4JYvsLRRWMNP9I4isd+ZK/vPY42owEPN3UElA2rif486ZYFOAWQ==", "hasInstallScript": true, "license": "SEE LICENSE IN LICENSE", "dependencies": { @@ -3228,9 +3228,9 @@ } }, "node_modules/@defra/interactive-map/node_modules/preact": { - "version": "10.28.2", - "resolved": "https://registry.npmjs.org/preact/-/preact-10.28.2.tgz", - "integrity": "sha512-lbteaWGzGHdlIuiJ0l2Jq454m6kcpI1zNje6d8MlGAFlYvP2GO4ibnat7P74Esfz4sPTdM6UxtTwh/d3pwM9JA==", + "version": "10.28.3", + "resolved": "https://registry.npmjs.org/preact/-/preact-10.28.3.tgz", + "integrity": "sha512-tCmoRkPQLpBeWzpmbhryairGnhW9tKV6c6gr/w+RhoRoKEJwsjzipwp//1oCpGPOchvSLaAPlpcJi9MwMmoPyA==", "license": "MIT", "funding": { "type": "opencollective", @@ -5396,9 +5396,9 @@ } }, "node_modules/@maplibre/mlt": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/@maplibre/mlt/-/mlt-1.1.2.tgz", - "integrity": "sha512-SQKdJ909VGROkA6ovJgtHNs9YXV4YXUPS+VaZ50I2Mt951SLlUm2Cv34x5Xwc1HiFlsd3h2Yrs5cn7xzqBmENw==", + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/@maplibre/mlt/-/mlt-1.1.5.tgz", + "integrity": "sha512-HjoAIOYAfZo2El/tHBnvWpCRlodWgWLZ/tyO4Wrw0LVY2bkQz1+pwAwDvmgSRvfkSkSzWnqJJd1JwgCrq/60HQ==", "license": "(MIT OR Apache-2.0)", "dependencies": { "@mapbox/point-geometry": "^1.1.0" @@ -8214,9 +8214,9 @@ "license": "Apache-2.0" }, "node_modules/@zip.js/zip.js": { - "version": "2.8.15", - "resolved": "https://registry.npmjs.org/@zip.js/zip.js/-/zip.js-2.8.15.tgz", - "integrity": "sha512-HZKJLFe4eGVgCe9J87PnijY7T1Zn638bEHS+Fm/ygHZozRpefzWcOYfPaP52S8pqk9g4xN3+LzMDl3Lv9dLglA==", + "version": "2.8.16", + "resolved": "https://registry.npmjs.org/@zip.js/zip.js/-/zip.js-2.8.16.tgz", + "integrity": "sha512-kCjaXh50GCf9afcof6ekjXPKR//rBVIxNHJLSUaM3VAET2F0+hymgrK1GpInRIIFUpt+wsnUfgx2+bbrmc+7Tw==", "license": "BSD-3-Clause", "engines": { "bun": ">=0.7.0", @@ -12263,9 +12263,9 @@ } }, "node_modules/expr-eval-fork": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/expr-eval-fork/-/expr-eval-fork-3.0.1.tgz", - "integrity": "sha512-JRex9aykIt6AqhcQK+u1bFcBy2f+muwJoGCtAZmOC0yrktaCegtH42sLnZdNsD2/Ko9j+3pLWi4nIkNQez02bg==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/expr-eval-fork/-/expr-eval-fork-3.0.3.tgz", + "integrity": "sha512-BhC+hbc5lIVjygr840n5DEkW3MQq7H9o+mc1/N7Z5uIiCFVyESLL5DIE7LNq4CYUNxy+XjA+3jRrL/h0Kt2xcg==", "license": "MIT", "engines": { "node": ">=16.9.0" diff --git a/package.json b/package.json index 35affeb45..8be202e9c 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "license": "SEE LICENSE IN LICENSE", "dependencies": { "@aws-sdk/client-sns": "^3.972.0", - "@defra/forms-engine-plugin": "^4.0.42", + "@defra/forms-engine-plugin": "^4.0.43", "@defra/forms-model": "^3.0.601", "@defra/hapi-tracing": "^1.30.0", "@elastic/ecs-pino-format": "^1.5.0", diff --git a/src/config/index.ts b/src/config/index.ts index 0a98ff720..316a8e959 100644 --- a/src/config/index.ts +++ b/src/config/index.ts @@ -308,6 +308,14 @@ export const config = convict({ env: 'ORDNANCE_SURVEY_API_KEY' } as SchemaObj, + ordnanceSurveyApiSecret: { + doc: 'The ordnance survey api secret used by the maps plugin', + format: String, + nullable: true, + default: undefined, + env: 'ORDNANCE_SURVEY_API_SECRET' + } as SchemaObj, + useMapsFeature: { doc: 'Feature flag to control maps', format: Boolean, diff --git a/src/server/index.ts b/src/server/index.ts index 21164468b..2834832e6 100644 --- a/src/server/index.ts +++ b/src/server/index.ts @@ -185,7 +185,8 @@ export const configureEnginePlugin = async ({ SummaryPageWithConfirmationEmailController, FeedbackPageController }, - ordnanceSurveyApiKey: config.get('ordnanceSurveyApiKey') + ordnanceSurveyApiKey: config.get('ordnanceSurveyApiKey'), + ordnanceSurveyApiSecret: config.get('ordnanceSurveyApiSecret') } } const routeOptions = { diff --git a/src/server/plugins/blankie.test.ts b/src/server/plugins/blankie.test.ts index 04e67a643..8a33f671a 100644 --- a/src/server/plugins/blankie.test.ts +++ b/src/server/plugins/blankie.test.ts @@ -11,11 +11,7 @@ describe('Server Blankie Plugin', () => { defaultSrc: ['self'], fontSrc: ['self', 'data:'], frameSrc: ['self', 'data:'], - connectSrc: [ - 'self', - 'https://api.os.uk', - 'https://test-uploader.cdp-int.defra.cloud' - ], + connectSrc: ['self', 'https://test-uploader.cdp-int.defra.cloud'], scriptSrc: ['self', 'strict-dynamic', 'unsafe-inline'], styleSrc: ['self', 'unsafe-inline'], imgSrc: ['self', 'data:'], @@ -35,7 +31,6 @@ describe('Server Blankie Plugin', () => { frameSrc: ['self', 'data:'], connectSrc: [ 'self', - 'https://api.os.uk', 'https://*.google-analytics.com', 'https://*.analytics.google.com', 'https://*.googletagmanager.com', @@ -76,6 +71,6 @@ describe('Server Blankie Plugin', () => { const { options } = configureBlankiePlugin() - expect(options?.connectSrc).toEqual(['self', 'https://api.os.uk']) + expect(options?.connectSrc).toEqual(['self']) }) }) diff --git a/src/server/plugins/blankie.ts b/src/server/plugins/blankie.ts index d50d5ee60..e6dcb601b 100644 --- a/src/server/plugins/blankie.ts +++ b/src/server/plugins/blankie.ts @@ -29,7 +29,6 @@ export const configureBlankiePlugin = (): ServerRegisterPluginObject< fontSrc: ['self', 'data:'], connectSrc: [ ['self'], - ['https://api.os.uk'], gaTrackingId ? googleAnalyticsOptions.connectSrc : [], uploaderUrl ? [uploaderUrl] : [] ].flat(),