LG-4870: Drop legacy Acuant SDK relative path support

config/initializers/secure_headers.rb

@@ -99,26 +99,12 @@ def call(env)
 
 # We need this to be called after the SecureHeaders::Railtie adds its own middleware at the top
 Rails.application.configure do |config|
-  # I18n is not configured yet at this point
-  available_locales = %w[en es fr]
-  worker_js = 'AcuantImageProcessingWorker.min.js'
-
-  # example URLs:
-  # - /verify/doc_auth/AcuantImageProcessingWorker.min.js
-  # - /en/verify/capture_doc/AcuantImageProcessingWorker.min.js
-  acuant_sdk_static_files = [nil, *available_locales].
-                              product(%w[doc_auth capture_doc]).
-                              map do |locale, flow|
-                                File.join('/', *locale, '/verify', flow, worker_js)
-                              end.
-                              push('/acuant/11.4.3/AcuantImageProcessingWorker.min.js').
-                              to_set.
-                              freeze
+  worker_path = '/acuant/11.4.3/AcuantImageProcessingWorker.min.js'
 
   config.middleware.insert_before(
     SecureHeaders::Middleware,
     SecureHeaders::RemoveContentSecurityPolicy,
   ) do |request|
-    acuant_sdk_static_files.include?(request.path)
+    request.path == worker_path
   end
 end

spec/requests/acuant_sdk_spec.rb

@@ -1,77 +1,61 @@
 require 'rails_helper'
 
 describe 'requesting acuant SDK assets' do
-  # example URLs:
-  # - /verify/doc_auth/AcuantImageProcessingWorker.min.js
-  # - /en/verify/capture_doc/AcuantImageProcessingWorker.min.js
-  [nil, *I18n.available_locales].
-    product(%w[doc_auth capture_doc]).
-    map do |locale, verify_path|
-      base_url = "#{locale && "/#{locale}"}/verify/#{verify_path}"
-    end.
-    push('/acuant/11.4.3').
-    each do |base_url|
-      min_js = "#{base_url}/AcuantImageProcessingWorker.min.js"
-      context min_js do
-        before { get min_js }
+  base_url = '/acuant/11.4.3'
 
-        it 'renders a JS asset' do
-          expect(response.status).to eq(200)
-          expect(response.headers['Content-Type']).to eq('application/javascript')
-          expect(response.body).to eq(
-            File.read('public/acuant/11.4.3/AcuantImageProcessingWorker.min.js'),
-          )
-        end
+  min_js = "#{base_url}/AcuantImageProcessingWorker.min.js"
+  context min_js do
+    before { get min_js }
 
-        it 'does not include a CSP header' do
-          expect(response.headers).to_not have_key('Content-Security-Policy')
-        end
+    it 'renders a JS asset' do
+      expect(response.status).to eq(200)
+      expect(response.headers['Content-Type']).to eq('application/javascript')
+    end
+
+    it 'does not include a CSP header' do
+      expect(response.headers).to_not have_key('Content-Security-Policy')
+    end
 
-        it 'does not include a session' do
-          expect(response.cookies.keys).to_not include('_upaya_session')
-        end
-      end
+    it 'does not include a session' do
+      expect(response.cookies.keys).to_not include('_upaya_session')
+    end
+  end
 
-      wasm_js = "#{base_url}/AcuantImageProcessingWorker.wasm"
-      context wasm_js do
-        before { get wasm_js }
+  wasm_js = "#{base_url}/AcuantImageProcessingWorker.wasm"
+  context wasm_js do
+    before { get wasm_js }
 
-        it 'renders a WASM asset' do
-          expect(response.status).to eq(200)
-          expect(response.headers['Content-Type']).to eq('application/wasm')
-          expect(response.body.length).to eq(
-            File.size('public/acuant/11.4.3/AcuantImageProcessingWorker.wasm'),
-          )
-        end
+    it 'renders a WASM asset' do
+      expect(response.status).to eq(200)
+      expect(response.headers['Content-Type']).to eq('application/wasm')
+    end
 
-        it 'includes a CSP header with unsafe-eval' do
-          expect(response.headers['Content-Security-Policy']).
-            to match(/script-src [^;]*'unsafe-eval'/)
-        end
+    it 'includes a CSP header with unsafe-eval' do
+      expect(response.headers['Content-Security-Policy']).to match(/script-src [^;]*'unsafe-eval'/)
+    end
 
-        it 'does not include a session' do
-          expect(response.cookies.keys).to_not include('_upaya_session')
-        end
-      end
+    it 'does not include a session' do
+      expect(response.cookies.keys).to_not include('_upaya_session')
+    end
+  end
 
-      invalid_asset = "#{base_url}/something-that-does-not-exist/AcuantImageProcessingWorker.wasm"
-      context "#{invalid_asset} (invalid asset)" do
-        before { get invalid_asset }
+  invalid_asset = "#{base_url}/something-that-does-not-exist/AcuantImageProcessingWorker.wasm"
+  context "#{invalid_asset} (invalid asset)" do
+    before { get invalid_asset }
 
-        it 'renders a 404 and leaves in the CSP headers' do
-          expect(response.status).to eq(404)
-          expect(response.headers['Content-Security-Policy']).to be_present
-        end
-      end
+    it 'renders a 404 and leaves in the CSP headers' do
+      expect(response.status).to eq(404)
+      expect(response.headers['Content-Security-Policy']).to be_present
+    end
+  end
 
-      map_file = "#{base_url}/AcuantImageProcessingService.wasm.map"
-      context "#{map_file} (map file)" do
-        before { get map_file }
+  map_file = "#{base_url}/AcuantImageProcessingService.wasm.map"
+  context "#{map_file} (map file)" do
+    before { get map_file }
 
-        it 'renders a 404 and leaves in the CSP headers' do
-          expect(response.status).to eq(404)
-          expect(response.headers['Content-Security-Policy']).to be_present
-        end
-      end
+    it 'renders a 404 and leaves in the CSP headers' do
+      expect(response.status).to eq(404)
+      expect(response.headers['Content-Security-Policy']).to be_present
     end
+  end
 end