diff --git a/app/controllers/concerns/idv/threat_metrix_concern.rb b/app/controllers/concerns/idv/threat_metrix_concern.rb
index 9be4e66877e..5ff95b6b9b7 100644
--- a/app/controllers/concerns/idv/threat_metrix_concern.rb
+++ b/app/controllers/concerns/idv/threat_metrix_concern.rb
@@ -18,17 +18,6 @@ def override_csp_for_threat_metrix
 def override_csp_for_threat_metrix_no_fsm
 return unless FeatureManagement.proofing_device_profiling_collecting_enabled?
- ##
- # In order to test the behavior without the CSP changes, we do not perform the CSP override
- # if the user's email is on a list of CSP disabled emails.
- #
- current_user.email_addresses.each do |email_address|
- no_csp_email = IdentityConfig.store.idv_tmx_test_csp_disabled_emails.include?(
- email_address.email,
- )
- return nil if no_csp_email
- end
-
 threat_metrix_csp_overrides
 end
diff --git a/app/controllers/idv/ssn_controller.rb b/app/controllers/idv/ssn_controller.rb
index 942c11b05bf..bc119ae292b 100644
--- a/app/controllers/idv/ssn_controller.rb
+++ b/app/controllers/idv/ssn_controller.rb
@@ -10,8 +10,6 @@ class SsnController < ApplicationController
 before_action :confirm_repeat_ssn, only: :show
 before_action :override_csp_for_threat_metrix_no_fsm
- helper_method :should_render_threatmetrix_js?
-
 attr_accessor :error_message
 def show
@@ -49,23 +47,6 @@ def update
 end
 end
- ##
- # In order to test the behavior without the threatmetrix JS, we do not load the threatmetrix
- # JS if the user's email is on a list of JS disabled emails.
- #
- def should_render_threatmetrix_js?
- return false unless FeatureManagement.proofing_device_profiling_collecting_enabled?
-
- current_user.email_addresses.each do |email_address|
- no_csp_email = IdentityConfig.store.idv_tmx_test_js_disabled_emails.include?(
- email_address.email,
- )
- return false if no_csp_email
- end
-
- true
- end
-
 private
 def confirm_repeat_ssn
diff --git a/app/views/idv/ssn/show.html.erb b/app/views/idv/ssn/show.html.erb
index 665eae7e357..c37a2355735 100644
--- a/app/views/idv/ssn/show.html.erb
+++ b/app/views/idv/ssn/show.html.erb
@@ -30,7 +30,7 @@ locals:
 <% end %>

-<% if should_render_threatmetrix_js? %>
+<% if FeatureManagement.proofing_device_profiling_collecting_enabled? %>
 <% if threatmetrix_session_id.present? %>
 <% threatmetrix_javascript_urls.each do |threatmetrix_javascript_url| %>
 <%= javascript_include_tag threatmetrix_javascript_url, nonce: true %>
diff --git a/config/application.yml.default b/config/application.yml.default
index e695a2ca798..7b22872e1e1 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
@@ -128,8 +128,6 @@ idv_acuant_sdk_upgrade_a_b_testing_percent: 50
 idv_getting_started_a_b_testing: '{"welcome_default":100, "welcome_new":0, "getting_started":0}'
 idv_send_link_attempt_window_in_minutes: 10
 idv_send_link_max_attempts: 5
-idv_tmx_test_csp_disabled_emails: '[]'
-idv_tmx_test_js_disabled_emails: '[]'
 idv_sp_required: false
 in_person_capture_secondary_id_enabled: false
 in_person_public_address_search_enabled: false
diff --git a/lib/identity_config.rb b/lib/identity_config.rb
index eccbe357b4f..38fa1e3468e 100644
--- a/lib/identity_config.rb
+++ b/lib/identity_config.rb
@@ -241,8 +241,6 @@ def self.build_store(config_map)
 config.add(:idv_send_link_attempt_window_in_minutes, type: :integer)
 config.add(:idv_send_link_max_attempts, type: :integer)
 config.add(:idv_sp_required, type: :boolean)
- config.add(:idv_tmx_test_csp_disabled_emails, type: :json)
- config.add(:idv_tmx_test_js_disabled_emails, type: :json)
 config.add(:in_person_capture_secondary_id_enabled, type: :boolean)
 config.add(:in_person_completion_survey_url, type: :string)
 config.add(:in_person_doc_auth_button_enabled, type: :boolean)
diff --git a/spec/controllers/idv/ssn_controller_spec.rb b/spec/controllers/idv/ssn_controller_spec.rb
index 14cb43f5726..d12cbd0962a 100644
--- a/spec/controllers/idv/ssn_controller_spec.rb
+++ b/spec/controllers/idv/ssn_controller_spec.rb
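Review bot: Nothing visible in this commit still tests that `show.html.erb` leaves out the ThreatMetrix script tags when device profiling is off: the `'returns false if TMx profiling is disabled'` example is deleted from `ssn_controller_spec.rb` together with the helper, and the condition it covered now lives in the view as `<% if FeatureManagement.proofing_device_profiling_collecting_enabled? %>`. A view or request spec that stubs `proofing_device_profiling` to `:disabled`, renders the SSN page and expects no `javascript_include_tag` output for `threatmetrix_javascript_urls` would keep that case pinned; such a spec may already exist outside this diff. The view now uses the same predicate as the guard in `override_csp_for_threat_metrix_no_fsm`, which keeps the relaxed CSP and the third-party script include switching together, so it is worth saying so in a short ERB comment above the `if`, e.g. `<%# Same flag as override_csp_for_threat_metrix_no_fsm: CSP override and script include must switch together %>`. The `if` opened here closes outside the hunk.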
@@ -137,29 +137,6 @@
 expect(csp.directives['img-src']).to include('*.online-metrix.net')
 end
 end
-
- it 'does not override the Content Security for CSP disabled test users' do
- allow(IdentityConfig.store).to receive(:proofing_device_profiling).
- and_return(:enabled)
- allow(IdentityConfig.store).to receive(:idv_tmx_test_csp_disabled_emails).
- and_return([user.email_addresses.first.email])
-
- get :show
-
- csp = response.request.content_security_policy
-
- aggregate_failures do
- expect(csp.directives['script-src']).to_not include('h.online-metrix.net')
-
- expect(csp.directives['style-src']).to_not include("'unsafe-inline'")
-
- expect(csp.directives['child-src']).to_not include('h.online-metrix.net')
-
- expect(csp.directives['connect-src']).to_not include('h.online-metrix.net')
-
- expect(csp.directives['img-src']).to_not include('*.online-metrix.net')
- end
- end
 end
 describe '#update' do
@@ -286,29 +263,4 @@
 end
 end
 end
-
- describe '#should_render_threatmetrix_js?' do
- it 'returns true if the JS should be disabled for the user' do
- allow(IdentityConfig.store).to receive(:proofing_device_profiling).
- and_return(:enabled)
- allow(IdentityConfig.store).to receive(:idv_tmx_test_js_disabled_emails).
- and_return([user.email_addresses.first.email])
-
- expect(controller.should_render_threatmetrix_js?).to eq(false)
- end
-
- it 'returns true if the JS should not be disabled for the user' do
- allow(IdentityConfig.store).to receive(:proofing_device_profiling).
- and_return(:enabled)
-
- expect(controller.should_render_threatmetrix_js?).to eq(true)
- end
-
- it 'returns false if TMx profiling is disabled' do
- allow(IdentityConfig.store).to receive(:proofing_device_profiling).
- and_return(:disabled)
-
- expect(controller.should_render_threatmetrix_js?).to eq(false)
- end
- end
 end