HUH-74: Revert Verify sign-in hint on interstitial page #1600

Merged
merged 1 commit into from
Dec 20, 2019
5 changes: 0 additions & 5 deletions .rubocop.yml
Expand Up @@ -11,8 +11,3 @@ Rails/OutputSafety:
Enabled: false
Rails/HelperInstanceVariable:
Enabled: false

# Temporary - should be reverted as soon as the Verify tests finishes
AllCops:
Exclude:
- "config/initializers/csp.rb"
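
Review bot: the `AllCops: Exclude` entry removed at the end of .rubocop.yml kept config/initializers/csp.rb out of linting, so dropping it is only safe together with the csp.rb change in this same PR that reduces the initializer to the single `GovukContentSecurityPolicy.configure` call. Please confirm RuboCop runs clean on this branch with both changes applied, since the "Temporary" comment being deleted is the only record of why the exclusion existed.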
67 changes: 0 additions & 67 deletions app/assets/javascripts/modules/show-gov-uk-verify-hint.js

This file was deleted.

1 change: 0 additions & 1 deletion app/assets/stylesheets/application.scss
Expand Up @@ -47,6 +47,5 @@ $govuk-use-legacy-palette: false;
@import 'views/answer';
@import 'views/help-page';
@import "views/guide";
@import 'views/choose_sign_in';


21 changes: 0 additions & 21 deletions app/assets/stylesheets/views/_choose_sign_in.scss

This file was deleted.

Expand Up @@ -27,7 +27,6 @@
<%= render "govuk_publishing_components/components/fieldset", legend_text: legend_text do %>
<div class="govuk-grid-row">
<div class="govuk-grid-column-two-thirds">
<div data-module="show-gov-uk-verify-hint"></div>
<%= render 'govuk_publishing_components/components/govspeak', content: raw(@content_item.description) %>
<% if @error %>
<%= render "components/error-message", text: t('service_sign_in.error.option') %>
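
Review bot: with the `<div data-module="show-gov-uk-verify-hint"></div>` hook removed from this template and the module, its stylesheet and its spec deleted elsewhere in the PR, any remaining reference to `show-gov-uk-verify-hint` (another template or a JavaScript manifest entry) would be left dangling. The diff shows none, but a search for the module name across the repository should be part of the revert checklist, because the hint was the reason the extra image host was allowed in the CSP.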
77 changes: 1 addition & 76 deletions config/initializers/csp.rb
@@ -1,76 +1 @@
# GovukContentSecurityPolicy.configure
# THIS A TEMPORARY COPY OF THE POLICY FROM THE GEM ABOVE
# FOR THE TEMPORARY TEST WE NEED TO ADD A NEW DOMAIN FOR IMAGES (LINE 30)
# WILL BE REVERTED BACK TO THE GEM ONCE THE TESTS FINISHES

GOVUK_DOMAINS = [
'*.publishing.service.gov.uk',
"*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}",
"*.dev.gov.uk"
].uniq.freeze

GOOGLE_ANALYTICS_DOMAINS = %w(www.google-analytics.com
ssl.google-analytics.com
stats.g.doubleclick.net).freeze

Rails.application.config.content_security_policy_report_only = ENV.include?("GOVUK_CSP_REPORT_ONLY")

Rails.application.config.content_security_policy do |policy|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
policy.default_src :https, :self, *GOVUK_DOMAINS

# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src
policy.img_src :self,
:data, # Base64 encoded images
*GOVUK_DOMAINS,
*GOOGLE_ANALYTICS_DOMAINS, # Tracking pixels
# Some content still links to an old domain we used to use
"assets.digital.cabinet-office.gov.uk",
# For a Verify enhanced hint live test (temporary)
"gds-verify-frontend-assets.s3.amazonaws.com"

# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
policy.script_src :self,
*GOVUK_DOMAINS,
*GOOGLE_ANALYTICS_DOMAINS,
# Allow JSONP call to Verify to check whether the user is logged in
"www.signin.service.gov.uk",
# Allow YouTube Embeds (Govspeak turns YouTube links into embeds)
"*.ytimg.com",
"www.youtube.com",
"www.youtube-nocookie.com",
# Allow all inline scripts until we can conclusively
# document all the inline scripts we use,
# and there's a better way to filter out junk reports
:unsafe_inline

# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
policy.style_src :self,
*GOVUK_DOMAINS,
# We use the `style=""` attribute on some HTML elements
:unsafe_inline

# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
policy.font_src :self,
*GOVUK_DOMAINS,
:data # Used by some legacy fonts

# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
policy.connect_src :self,
*GOVUK_DOMAINS,
*GOOGLE_ANALYTICS_DOMAINS,
# Allow connecting to web chat from HMRC contact pages
"www.tax.service.gov.uk",
# Allow connecting to Verify to check whether the user is logged in
"www.signin.service.gov.uk"

# Disallow all <object>, <embed>, and <applet> elements
#
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src
policy.object_src :none

# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com", "www.youtube-nocookie.com" # Allow youtube embeds

policy.report_uri ENV["GOVUK_CSP_REPORT_URI"] if ENV.include?("GOVUK_CSP_REPORT_URI")
end
GovukContentSecurityPolicy.configure
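
Review bot: the header of the removed copy says its only intended difference from the gem's policy is the extra `img_src` host `gds-verify-frontend-assets.s3.amazonaws.com`, but nothing in this diff shows that the gem's current policy still matches the rest of the copy, for example `www.signin.service.gov.uk` in `script_src` and `connect_src`, or `www.tax.service.gov.uk` in `connect_src`. If the gem moved on while the copy was in place, switching back to `GovukContentSecurityPolicy.configure` changes more than the one image host. Please state in the PR description which gem version this falls back to, and watch the reports sent to `GOVUK_CSP_REPORT_URI` after deploy for violations that were not present during the test.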
56 changes: 0 additions & 56 deletions spec/javascripts/show-gov-uk-verify-hint.spec.js

This file was deleted.