RubyGems - govuk_publishing_components - Versions diffs - 37.5.1 → 37.6.1 - Mend

govuk_publishing_components 37.5.1 → 37.6.1

Files changed (32) hide show

data/node_modules/axe-core/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "axe-core",
   "description": "Accessibility engine for automated Web UI testing",
-  "version": "4.8.3",
+  "version": "4.8.4",
   "license": "MPL-2.0",
   "engines": {
     "node": ">=4"
@@ -55,7 +55,8 @@
     "axe.min.js",
     "axe.d.ts",
     "sri-history.json",
-    "locales/"
+    "locales/",
+    "LICENSE-3RD-PARTY.txt"
   ],
   "standard-version": {
     "scripts": {

data/node_modules/axe-core/sri-history.json CHANGED Viewed

@@ -366,5 +366,9 @@
   "4.8.3": {
     "axe.js": "sha256-YWpAAdIo7fwKmLq8nJx1f6pwt7HAXwWm15RSGJKbxhw=",
     "axe.min.js": "sha256-/mct+I/4SJnZ30Ce+j9T7ll9zPwzbJVrjdKpbKIP+NA="
+  },
+  "4.8.4": {
+    "axe.js": "sha256-RRn+EjX3fX893zHeLzMQebvK4/HR3yZpVFNxsV3Pbm0=",
+    "axe.min.js": "sha256-HXl1GEx0+LwVB27fLmwgdXCmeTM2beVwwFosWvFzLmo="
   }
 }

data/node_modules/govuk-single-consent/README.md ADDED Viewed

@@ -0,0 +1,157 @@
+# Single Consent client
+The Single Consent client is a small Javascript which can be embedded in a
+website to enable easily sharing a user's consent or rejection of cookies across
+different websites.
+See the [Single Consent service README](../README.md).
+## Quick start
+See the [CommonJS example](https://github.com/alphagov/consent-api/blob/main/client/examples/commonJS-usage/index.js).
+Contact data-tools-team@digital.cabinet-office.gov.uk to get the URL of the API endpoint.
+The library provides the following static methods for finding out which types of
+cookies a user has consented to.
+- `hasConsentedToEssential`
+- `hasConsentedToUsage`
+- `hasConsentedToCampaigns`
+- `hasConsentedToSetting`
+The method `GovSingleConsent.getConsents()` provides the current state of the
+user's consents to all types of cookies.
+### 1. Install with npm
+In order to set first-party cookies, the client Javascript must be served with
+your application.
+We recommend installing the Single Consent client using
+[node package manager (npm)](https://www.npmjs.com/).
+```sh
+npm i govuk-single-consent
+```
+https://www.npmjs.com/package/govuk-single-consent
+### 2. Including the Javascript client
+The javascript client can be included in different ways. Choose one below.
+#### CommonJS
+See the [example](https://github.com/alphagov/consent-api/blob/main/client/examples/commonJS-usage/index.js).
+#### Typescript
+See the [example](https://github.com/alphagov/consent-api/blob/main/client/examples/typescript-usage/index.ts).
+#### HTML script tag (IIFE)
+The javascript client makes available the object `window.GovSingleConsent` for
+interacting with the API. It needs to be loaded on any page that could be an
+entry point to your web application, that allows modifying cookie consent, or
+provides a link to another domain with which you want to share cookie consent
+status. It is probably easiest to add the script to a base template used for all
+pages.
+On the same pages, you need to load your javascript for interacting with the
+`window.GovSingleConsent` object.
+See the following examples.
+- [Cookie banner script](https://github.com/alphagov/consent-api/blob/main/client/example/cookie-banner.js)
+- [Cooke page script](https://github.com/alphagov/consent-api/blob/main/client/example/cookies-page.js)
+It is common practice to add Javascript tags just before the end `</body>` tag,
+eg:
+```html
+    ...
+    <script src="{path_to_client_js}/singleconsent.js"></script>
+    <script src="{path_to_cookie_banner_script}.js"></script>
+    <script src="{path_to_cookies_page_script}.js"></script>
+  </body>
+</html>
+```
+### 3. Passing the base URL to the constructor
+You can either pass an environment string, or a custom base URL.
+If using an environment string, its value should be either `staging` or `production`.
+e.g
+```javascript
+const dummyCallback = () => {}
+// With an environemnt string to the staging environment
+new GovSingleConsent(dummyCallback, 'staging')
+// With an environemnt string to the production environment
+new GovSingleConsent(dummyCallback, 'production')
+// With a custom base URL
+new GovSingleConsent(dummyCallback, 'http://some-development-url.com')
+```
+### 4. Share the user's consent to cookies via the API
+When the user interacts with your cookie banner or cookie settings page to
+consent to or reject cookies you can update the central database by invoking the
+following function:
+```typescript
+exampleCookieConsentStatusObject: Consents = {
+  essential: true,
+  settings: false,
+  usage: true,
+  campaigns: false,
+}
+singleConsentObject.setConsents(exampleCookieConsentStatusObject)
+```
+## Content Security Policy
+If your website is served with a
+[`Content-Security-Policy` HTTP header or `<meta>` element](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP), you
+may need to modify it to allow the client to access the Single Consent service.
+The value of the header or meta element should contain the following:
+```
+connect-src 'self' https://consent-api-nw.a.run.app/api/v1/consent [... other site URLs separated by spaces];
+```
+## What the library does
+The library manages all read/write operations with a cookie that stores the
+state of a user's consent.
+### Callback
+Websites using the Consent API must provide a callback function. This will be
+invoked each time the consent has been updated. It will be called with three
+parameters:
+- `consents` An object describing the new consent state.
+- `consentsPreferencesSet` Boolean, the cookie banner must be displayed if this
+  value is `false`.
+- `error` An object describing any error, otherwise `null`. If there is an
+  error, then the `consents` object will say that the consents have been
+  revoked.
+The structure of the consent data object is currently based on the
+[GOV.UK `cookies_policy` cookie](https://www.gov.uk/help/cookies). If your
+website cookies do not fall into any of the four categories listed, please
+contact us.
+## Getting updates
+To be notified when there's a new release, you can watch the
+[consent-api Github repository](https://github.com/alphagov/consent-api).

data/node_modules/govuk-single-consent/dist/singleconsent.cjs.js ADDED Viewed

@@ -0,0 +1,419 @@
+'use strict';
+const DEFAULT_TIMEOUT = 10000;
+function request(url, options, onSuccess, onError) {
+    try {
+        var req = new XMLHttpRequest();
+        var isTimeout = false;
+        options = options || {};
+        req.onreadystatechange = function () {
+            if (req.readyState === req.DONE) {
+                if (req.status >= 200 && req.status < 400) {
+                    let jsonResponse;
+                    try {
+                        jsonResponse = JSON.parse(req.responseText);
+                        onSuccess(jsonResponse);
+                    }
+                    catch (error) {
+                        return onError(error);
+                    }
+                }
+                else if (req.status === 0 && req.timeout > 0) {
+                    // Possible timeout, waiting for ontimeout event
+                    // Timeout will throw a status = 0 request
+                    // onreadystatechange preempts ontimeout
+                    // And we can't know for sure at this stage if it's a timeout
+                    setTimeout(function () {
+                        if (isTimeout) {
+                            return;
+                        }
+                        return onError(new Error('Request to ' + url + ' failed with status: ' + req.status));
+                    }, 500);
+                }
+                else {
+                    return onError(new Error('Request to ' + url + ' failed with status: ' + req.status));
+                }
+            }
+        };
+        req.open(options.method || 'GET', url, true);
+        if (options.timeout) {
+            req.timeout = options.timeout;
+        }
+        else {
+            req.timeout = DEFAULT_TIMEOUT;
+        }
+        req.ontimeout = function () {
+            isTimeout = true;
+            return onError(new Error('Request to ' + url + ' timed out'));
+        };
+        var headers = options.headers || {};
+        for (var name in headers) {
+            req.setRequestHeader(name, headers[name]);
+        }
+        req.send(options.body || null);
+    }
+    catch (error) {
+        return onError(error);
+    }
+}
+function addUrlParameter(url, name, value) {
+    url = parseUrl(url);
+    var newParam = name.concat('=', value);
+    var modified = false;
+    findByKey(name, url.params, function (index) {
+        url.params[index] = newParam;
+        modified = true;
+    });
+    if (!modified) {
+        url.params.push(newParam);
+    }
+    return buildUrl(url);
+}
+function removeUrlParameter(url, name) {
+    url = parseUrl(url);
+    findByKey(name, url.params, function (index) {
+        url.params.splice(index--, 1);
+    });
+    return buildUrl(url);
+}
+function parseUrl(url) {
+    var parts = url.split('?');
+    return {
+        address: parts[0],
+        params: (parts[1] || '').split('&').filter(Boolean),
+    };
+}
+function buildUrl(parts) {
+    return [parts.address, parts.params.join('&')].join('?').replace(/\??$/, '');
+}
+function findByKey(key, keyvals, callback) {
+    key += '=';
+    for (var index = 0; keyvals.length > index; index++) {
+        if (keyvals[index].trim().slice(0, key.length) === key) {
+            var value = keyvals[index].trim().slice(key.length);
+            if (callback) {
+                callback(index, value);
+            }
+            else {
+                return value;
+            }
+        }
+    }
+}
+function isCrossOrigin(link) {
+    return (link.protocol !== window.location.protocol ||
+        link.hostname !== window.location.hostname ||
+        (link.port || '80') !== (window.location.port || '80'));
+}
+function getOriginFromLink(link) {
+    var origin = link.protocol.concat('//', link.hostname);
+    if (link.port && link.port !== '80' && link.port !== '443') {
+        origin = origin.concat(':', link.port);
+    }
+    return origin;
+}
+function isBrowser() {
+    return typeof module === 'undefined';
+}
+function setCookie({ name, value, lifetime }) {
+    // const encodedValue = encodeURIComponent(value)
+    const encodedValue = value;
+    document.cookie = name
+        .concat('=', encodedValue)
+        .concat('; path=/', '; max-age='.concat(lifetime.toString()), document.location.protocol === 'https:' ? '; Secure' : '');
+}
+function getCookie(name, defaultValue) {
+    name += '=';
+    const cookies = document.cookie.split(';');
+    let cookie = null;
+    for (let i = 0; i < cookies.length; i++) {
+        let currentCookie = cookies[i].trim();
+        if (currentCookie.indexOf(name) === 0) {
+            cookie = currentCookie;
+            break;
+        }
+    }
+    if (cookie) {
+        return decodeURIComponent(cookie.trim().slice(name.length));
+    }
+    return defaultValue || null;
+}
+function validateConsentObject(response) {
+    try {
+        if (typeof response !== 'object' || response === null) {
+            return false;
+        }
+        var expectedKeys = ['essential', 'settings', 'usage', 'campaigns'];
+        var allKeysPresent = true;
+        var responseKeysCount = 0;
+        for (var i = 0; i < expectedKeys.length; i++) {
+            if (!(expectedKeys[i] in response)) {
+                allKeysPresent = false;
+                break;
+            }
+        }
+        var allValuesBoolean = true;
+        for (var key in response) {
+            if (response.hasOwnProperty(key)) {
+                responseKeysCount++;
+                if (typeof response[key] !== 'boolean') {
+                    allValuesBoolean = false;
+                    break;
+                }
+            }
+        }
+        var correctNumberOfKeys = responseKeysCount === expectedKeys.length;
+    }
+    catch (err) {
+        return false;
+    }
+    return allKeysPresent && allValuesBoolean && correctNumberOfKeys;
+}
+const COOKIE_DAYS = 365;
+class GovConsentConfig {
+    constructor(baseUrl) {
+        this.uidFromCookie = findByKey(GovConsentConfig.UID_KEY, document.cookie.split(';'));
+        this.uidFromUrl = findByKey(GovConsentConfig.UID_KEY, parseUrl(location.href).params);
+        this.baseUrl = baseUrl;
+    }
+}
+GovConsentConfig.UID_KEY = 'gov_singleconsent_uid';
+GovConsentConfig.CONSENTS_COOKIE_NAME = 'cookies_policy';
+GovConsentConfig.PREFERENCES_SET_COOKIE_NAME = 'cookies_preferences_set';
+GovConsentConfig.COOKIE_LIFETIME = COOKIE_DAYS * 24 * 60 * 60;
+class ApiV1 {
+    constructor(baseUrl) {
+        this.version = 'v1';
+        this.baseUrl = baseUrl;
+    }
+    buildUrl(endpoint, pathParam) {
+        let url = `${this.baseUrl}/api/${this.version}${endpoint}`;
+        if (pathParam) {
+            url += `/${pathParam}`;
+        }
+        return url;
+    }
+    origins() {
+        return this.buildUrl(ApiV1.Routes.origins);
+    }
+    consents(id) {
+        return this.buildUrl(ApiV1.Routes.consents, id || '');
+    }
+}
+ApiV1.Routes = {
+    origins: '/origins',
+    consents: '/consent',
+};
+class GovSingleConsent {
+    constructor(consentsUpdateCallback, baseUrlOrEnv) {
+        /**
+          Initialises _GovConsent object by performing the following:
+          1. Removes 'uid' from URL.
+          2. Sets 'uid' attribute from cookie or URL.
+          3. Fetches consent status from API if 'uid' exists.
+          4. Notifies event listeners with API response.
+          @arg baseUrl: string - the domain of where the single consent API is. Required.
+          @arg consentsUpdateCallback: function(consents, consentsPreferencesSet, error) - callback when the consents are updated
+          "consents": this is the consents object. It has the following properties: "essential", "usage", "campaigns", "settings". Each property is a boolean.
+          "consentsPreferencesSet": true if the consents have been set for this user and this domain. Typically, only display the cookie banner if this is true.
+          "error": if an error occurred, this is the error object. Otherwise, this is null.
+          */
+        this.cachedConsentsCookie = null;
+        this.validateConstructorArguments(baseUrlOrEnv, consentsUpdateCallback);
+        const baseUrl = this.resolveBaseUrl(baseUrlOrEnv);
+        this._consentsUpdateCallback = consentsUpdateCallback;
+        this.config = new GovConsentConfig(baseUrl);
+        this.urls = new ApiV1(this.config.baseUrl);
+        window.cachedConsentsCookie = null;
+        this.hideUIDParameter();
+        this.initialiseUIDandConsents();
+    }
+    validateConstructorArguments(baseUrlOrEnv, consentsUpdateCallback) {
+        if (!baseUrlOrEnv) {
+            throw new Error('Argument baseUrl is required');
+        }
+        if (typeof baseUrlOrEnv !== 'string') {
+            throw new Error('Argument baseUrl must be a string');
+        }
+        if (!consentsUpdateCallback) {
+            throw new Error('Argument consentsUpdateCallback is required');
+        }
+        if (typeof consentsUpdateCallback !== 'function') {
+            throw new Error('Argument consentsUpdateCallback must be a function');
+        }
+    }
+    resolveBaseUrl(baseUrlOrEnv) {
+        if (baseUrlOrEnv === 'staging') {
+            return 'https://gds-single-consent-staging.app';
+        }
+        else if (baseUrlOrEnv === 'production') {
+            return 'https://gds-single-consent.app';
+        }
+        // If not "staging" or "production", assume it's a custom URL
+        return baseUrlOrEnv;
+    }
+    initialiseUIDandConsents() {
+        const currentUID = this.getCurrentUID();
+        if (this.isNewUID(currentUID)) {
+            this.handleNewUID(currentUID);
+        }
+        if (this.uid) {
+            this.fetchAndUpdateConsents();
+        }
+        else {
+            this._consentsUpdateCallback(null, false, null);
+        }
+    }
+    handleNewUID(newUID) {
+        this.uid = newUID;
+        this.updateLinksEventHandlers(newUID);
+        this.setUIDCookie(newUID);
+    }
+    isNewUID(currentUID) {
+        return currentUID && currentUID !== this.uid;
+    }
+    fetchAndUpdateConsents() {
+        const consentsUrl = this.urls.consents(this.uid);
+        request(consentsUrl, { timeout: 1000 }, (jsonResponse) => {
+            if (!validateConsentObject(jsonResponse.status)) {
+                const error = new Error('Invalid consents object returned from the API: ' + JSON.stringify(jsonResponse));
+                return this.defaultToRejectAllConsents(error);
+            }
+            const consents = jsonResponse.status;
+            this.updateBrowserConsents(consents);
+            this._consentsUpdateCallback(consents, GovSingleConsent.isConsentPreferencesSet(), null);
+        }, (error) => this.defaultToRejectAllConsents(error));
+    }
+    getCurrentUID() {
+        // Get the current uid from URL or from the cookie if it exists
+        return this.config.uidFromUrl || this.config.uidFromCookie;
+    }
+    setConsents(consents) {
+        if (!consents) {
+            throw new Error('consents is required in GovSingleConsent.setConsents()');
+        }
+        const successCallback = (response) => {
+            if (!response.uid) {
+                throw new Error('No UID returned from the API');
+            }
+            if (this.isNewUID(response.uid)) {
+                this.handleNewUID(response.uid);
+            }
+            this.updateBrowserConsents(consents);
+            this._consentsUpdateCallback(consents, GovSingleConsent.isConsentPreferencesSet(), null);
+        };
+        const url = this.urls.consents(this.uid);
+        request(url, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: 'status='.concat(JSON.stringify(consents)),
+        }, successCallback, (error) => this.defaultToRejectAllConsents(error));
+    }
+    defaultToRejectAllConsents(error) {
+        this.updateBrowserConsents(GovSingleConsent.REJECT_ALL);
+        this._consentsUpdateCallback(GovSingleConsent.REJECT_ALL, GovSingleConsent.isConsentPreferencesSet(), error);
+    }
+    static getConsents() {
+        if (window.cachedConsentsCookie) {
+            return window.cachedConsentsCookie;
+        }
+        const cookieValue = getCookie(GovConsentConfig.CONSENTS_COOKIE_NAME, null);
+        if (cookieValue) {
+            return JSON.parse(cookieValue);
+        }
+        return null;
+    }
+    static hasConsentedToEssential() {
+        const consents = GovSingleConsent.getConsents();
+        return consents === null || consents === void 0 ? void 0 : consents.essential;
+    }
+    static hasConsentedToUsage() {
+        const consents = GovSingleConsent.getConsents();
+        return consents === null || consents === void 0 ? void 0 : consents.usage;
+    }
+    static hasConsentedToCampaigns() {
+        const consents = GovSingleConsent.getConsents();
+        return consents === null || consents === void 0 ? void 0 : consents.campaigns;
+    }
+    static hasConsentedToSettings() {
+        const consents = GovSingleConsent.getConsents();
+        return consents === null || consents === void 0 ? void 0 : consents.settings;
+    }
+    static isConsentPreferencesSet() {
+        const value = getCookie(GovConsentConfig.PREFERENCES_SET_COOKIE_NAME, null);
+        return value === 'true';
+    }
+    updateLinksEventHandlers(currentUID) {
+        request(this.urls.origins(), {},
+        // Update links with UID
+        (origins) => this.addUIDtoCrossOriginLinks(origins, currentUID), (error) => {
+            throw error;
+        });
+    }
+    addUIDtoCrossOriginLinks(origins, uid) {
+        /**
+         * Adds uid URL parameter to consent sharing links.
+         * Only links with known origins are updated.
+         */
+        const links = document.querySelectorAll('a[href]');
+        Array.prototype.forEach.call(links, (link) => {
+            if (isCrossOrigin(link) &&
+                origins.indexOf(getOriginFromLink(link)) >= 0) {
+                link.addEventListener('click', (event) => {
+                    event.target.href = addUrlParameter(event.target.href, GovConsentConfig.UID_KEY, uid);
+                });
+            }
+        });
+    }
+    setUIDCookie(uid) {
+        setCookie({
+            name: GovConsentConfig.UID_KEY,
+            value: uid,
+            lifetime: GovConsentConfig.COOKIE_LIFETIME,
+        });
+    }
+    updateBrowserConsents(consents) {
+        this.setConsentsCookie(consents);
+        this.setPreferencesSetCookie(true);
+        window.cachedConsentsCookie = consents;
+    }
+    setConsentsCookie(consents) {
+        setCookie({
+            name: GovConsentConfig.CONSENTS_COOKIE_NAME,
+            value: JSON.stringify(consents),
+            lifetime: GovConsentConfig.COOKIE_LIFETIME,
+        });
+    }
+    setPreferencesSetCookie(value) {
+        setCookie({
+            name: GovConsentConfig.PREFERENCES_SET_COOKIE_NAME,
+            value: value.toString(),
+            lifetime: GovConsentConfig.COOKIE_LIFETIME,
+        });
+    }
+    hideUIDParameter() {
+        history.replaceState(null, null, removeUrlParameter(location.href, GovConsentConfig.UID_KEY));
+    }
+}
+GovSingleConsent.ACCEPT_ALL = {
+    essential: true,
+    usage: true,
+    campaigns: true,
+    settings: true,
+};
+GovSingleConsent.REJECT_ALL = {
+    essential: true,
+    usage: false,
+    campaigns: false,
+    settings: false,
+};
+if (isBrowser()) {
+    window.GovSingleConsent = GovSingleConsent;
+}
+exports.GovSingleConsent = GovSingleConsent;