Skip to content

LG-9740 Add csp overrides for ThreatMetrix before_action to SsnController#8367

Merged
soniaconnolly merged 2 commits intomainfrom
sonia-lg-9740-ssn-threatmetrix-csp
May 10, 2023
Merged

LG-9740 Add csp overrides for ThreatMetrix before_action to SsnController#8367
soniaconnolly merged 2 commits intomainfrom
sonia-lg-9740-ssn-threatmetrix-csp

Conversation

@soniaconnolly
Copy link
Contributor

@soniaconnolly soniaconnolly commented May 9, 2023

🎫 Ticket

LG-9740

🛠 Summary of changes

This before action is needed to allow ThreatMetrix to load in browsers that respect Content Security Policies. It was part of the Flow State Machine but not clearly part of the SSN step.

Note: The in_person_controller still uses override_csp_for_threat_metrix with the parameter check for the ssn step, so I factored out the main part of the code and made a new method for the remote SsnController. This can be restored to a single method when the in_person FSM SsnStep is removed.

Note2: We need a test that checks that ThreatMetrix is loading without errors, either as part of this PR or as a separate PR.

📜 Testing Plan

  • Do IdV process in staging, make sure ThreatMetrix loads without errors at SSN step

@soniaconnolly
Add csp overrides before action for ThreatMetrix to SsnController
b7593ef 
This before action is needed to allow ThreatMetrix to load in browsers that respect Content Security Policies.
It was part of the Flow State Machine but not clearly part of the SSN step.

changelog: Bug Fixes, Identity Verification, include Content Security Policy overrides for ThreatMetrix
@soniaconnolly soniaconnolly requested review from a team, jmhooper and matthinz May 9, 2023 19:57
theabrad
theabrad approved these changes May 9, 2023
View reviewed changes
Copy link
Contributor

@theabrad theabrad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@soniaconnolly @solipet
Add controller test that checks csp overrides
05162d3 
This makes it more explicit that the overrides are required for the SSN step.

Co-authored-by: Douglas Price <douglas.price@gsa.gov>
@soniaconnolly soniaconnolly merged commit 57e4f86 into main May 10, 2023
@soniaconnolly soniaconnolly deleted the sonia-lg-9740-ssn-threatmetrix-csp branch May 10, 2023 16:30
@soniaconnolly soniaconnolly mentioned this pull request May 10, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theabrad theabrad theabrad approved these changes

+2 more reviewers

@matthinz matthinz matthinz approved these changes

@jmhooper jmhooper jmhooper approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@soniaconnolly @matthinz @jmhooper @theabrad