govuk_publishing_components 37.6.0 → 37.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b5059f8b24e5d099520ca6f53061525153ddf6e7e31a5d4d1401516cb3856fc4
-  data.tar.gz: 6565eeaa1b13939dbb5295327aa5d9862bd568b8af022d803419d22bc6890f5b
+  metadata.gz: 057a27088f3e56f3de0b207bf272737059e084e11f7ad5d60c9c64f51b36f36c
+  data.tar.gz: 2e7c53dbecff6dcb761c8b181be7c22a051d1e67738f96d6386cc24b08e4a850
 SHA512:
-  metadata.gz: 828d20c4426cad1bce861a0f4eef8f9aa46947fa0f381ca54f8408ef9675d828b3d9c7be18d513bf5c9f4b9c34197cb30cefa030f33134cac24ae1cdead608ab
-  data.tar.gz: 53515ff838f233ab6b5bf5d3db5fe4d78e4c360faf4368cdfff7d9ef1ebbcebb8959637728348c74acd2e7003b94c4fa127c9dfe83c0a0b608263bcfdb17ce1f
+  metadata.gz: 853e1a7952502815cc9cf864feedb258266b06f402c37d8622ce3e2a8550b160bfc676e60221b5e6a0332adca201bc7a8b651d3cee2ff451f9ade26c61a74304
+  data.tar.gz: 54df263cbc3fe4b0a4bf2b7f8e3207e5d0292fb6dd79fddfe87cdcea0b844d0c5b4a73527de5ef7d747991e505af18b25228c8644d6c973a5431fb993707a3f7

data/app/assets/stylesheets/govuk_publishing_components/components/_contents-list.scss

@@ -50,7 +50,7 @@
   padding-left: $contents-spacing;
   padding-right: $contents-spacing;
 
-  &::before {
+  & span::before {
     content: "—";
     position: absolute;
     left: 0;

data/app/views/govuk_publishing_components/components/_contents_list.html.erb

@@ -41,6 +41,7 @@
       <% index_link = 1 unless disable_ga4 %>
       <% contents.each.with_index(1) do |contents_item, position| %>
         <li class="<%= cl_helper.list_item_classes(contents_item, false) %>" <%= "aria-current=true" if contents_item[:active] %>>
+          <span aria-hidden="true"></span>
           <% link_text = format_numbers ? cl_helper.wrap_numbers_with_spans(contents_item[:text]) : contents_item[:text]
             unless disable_ga4
               ga4_data[:event_name] = cl_helper.get_ga4_event_name(contents_item[:href]) if contents_item[:href]
@@ -64,6 +65,7 @@
             <ol class="gem-c-contents-list__nested-list">
               <% contents_item[:items].each.with_index(1) do |nested_contents_item, nested_position| %>
                 <li class="<%= cl_helper.list_item_classes(nested_contents_item, true) %>" <%= "aria-current=true" if nested_contents_item[:active] %>>
+                  <span aria-hidden="true"></span>
                   <%
                     unless disable_ga4
                       ga4_data[:event_name] = cl_helper.get_ga4_event_name(nested_contents_item[:href]) if nested_contents_item[:href]

data/app/views/govuk_publishing_components/components/docs/contents_list.yml

@@ -18,6 +18,7 @@ accessibility_criteria: |
   - convey the content structure
   - indicate the current page when contents span different pages, and not link to itself
   - include an aria-label to contextualise the list
+  - ensure dashes before each list item are hidden from screen readers
 
   Links with formatted numbers must separate the number and text with a space for correct screen reader pronunciation. This changes pronunciation from "1 dot Item" to "1 Item".
 shared_accessibility_criteria:

data/lib/govuk_publishing_components/version.rb

@@ -1,3 +1,3 @@
 module GovukPublishingComponents
-  VERSION = "37.6.0".freeze
+  VERSION = "37.6.1".freeze
 end

data/node_modules/govuk-single-consent/README.md

@@ -0,0 +1,157 @@
+# Single Consent client
+
+The Single Consent client is a small Javascript which can be embedded in a
+website to enable easily sharing a user's consent or rejection of cookies across
+different websites.
+
+See the [Single Consent service README](../README.md).
+
+## Quick start
+
+See the [CommonJS example](https://github.com/alphagov/consent-api/blob/main/client/examples/commonJS-usage/index.js).
+
+Contact data-tools-team@digital.cabinet-office.gov.uk to get the URL of the API endpoint.
+
+The library provides the following static methods for finding out which types of
+cookies a user has consented to.
+
+- `hasConsentedToEssential`
+- `hasConsentedToUsage`
+- `hasConsentedToCampaigns`
+- `hasConsentedToSetting`
+
+The method `GovSingleConsent.getConsents()` provides the current state of the
+user's consents to all types of cookies.
+
+### 1. Install with npm
+
+In order to set first-party cookies, the client Javascript must be served with
+your application.
+
+We recommend installing the Single Consent client using
+[node package manager (npm)](https://www.npmjs.com/).
+
+```sh
+npm i govuk-single-consent
+```
+
+https://www.npmjs.com/package/govuk-single-consent
+
+### 2. Including the Javascript client
+
+The javascript client can be included in different ways. Choose one below.
+
+#### CommonJS
+
+See the [example](https://github.com/alphagov/consent-api/blob/main/client/examples/commonJS-usage/index.js).
+
+#### Typescript
+
+See the [example](https://github.com/alphagov/consent-api/blob/main/client/examples/typescript-usage/index.ts).
+
+#### HTML script tag (IIFE)
+
+The javascript client makes available the object `window.GovSingleConsent` for
+interacting with the API. It needs to be loaded on any page that could be an
+entry point to your web application, that allows modifying cookie consent, or
+provides a link to another domain with which you want to share cookie consent
+status. It is probably easiest to add the script to a base template used for all
+pages.
+
+On the same pages, you need to load your javascript for interacting with the
+`window.GovSingleConsent` object.
+
+See the following examples.
+
+- [Cookie banner script](https://github.com/alphagov/consent-api/blob/main/client/example/cookie-banner.js)
+- [Cooke page script](https://github.com/alphagov/consent-api/blob/main/client/example/cookies-page.js)
+
+It is common practice to add Javascript tags just before the end `</body>` tag,
+eg:
+
+```html
+    ...
+
+    <script src="{path_to_client_js}/singleconsent.js"></script>
+    <script src="{path_to_cookie_banner_script}.js"></script>
+    <script src="{path_to_cookies_page_script}.js"></script>
+  </body>
+</html>
+```
+
+### 3. Passing the base URL to the constructor
+
+You can either pass an environment string, or a custom base URL.
+
+If using an environment string, its value should be either `staging` or `production`.
+
+e.g
+
+```javascript
+const dummyCallback = () => {}
+
+// With an environemnt string to the staging environment
+new GovSingleConsent(dummyCallback, 'staging')
+
+// With an environemnt string to the production environment
+new GovSingleConsent(dummyCallback, 'production')
+
+// With a custom base URL
+new GovSingleConsent(dummyCallback, 'http://some-development-url.com')
+```
+
+### 4. Share the user's consent to cookies via the API
+
+When the user interacts with your cookie banner or cookie settings page to
+consent to or reject cookies you can update the central database by invoking the
+following function:
+
+```typescript
+exampleCookieConsentStatusObject: Consents = {
+  essential: true,
+  settings: false,
+  usage: true,
+  campaigns: false,
+}
+
+singleConsentObject.setConsents(exampleCookieConsentStatusObject)
+```
+
+## Content Security Policy
+
+If your website is served with a
+[`Content-Security-Policy` HTTP header or `<meta>` element](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP), you
+may need to modify it to allow the client to access the Single Consent service.
+The value of the header or meta element should contain the following:
+
+```
+connect-src 'self' https://consent-api-nw.a.run.app/api/v1/consent [... other site URLs separated by spaces];
+```
+
+## What the library does
+
+The library manages all read/write operations with a cookie that stores the
+state of a user's consent.
+
+### Callback
+
+Websites using the Consent API must provide a callback function. This will be
+invoked each time the consent has been updated. It will be called with three
+parameters:
+
+- `consents` An object describing the new consent state.
+- `consentsPreferencesSet` Boolean, the cookie banner must be displayed if this
+  value is `false`.
+- `error` An object describing any error, otherwise `null`. If there is an
+  error, then the `consents` object will say that the consents have been
+  revoked.
+
+The structure of the consent data object is currently based on the
+[GOV.UK `cookies_policy` cookie](https://www.gov.uk/help/cookies). If your
+website cookies do not fall into any of the four categories listed, please
+contact us.
+
+## Getting updates
+
+To be notified when there's a new release, you can watch the
+[consent-api Github repository](https://github.com/alphagov/consent-api).

data/node_modules/govuk-single-consent/dist/singleconsent.cjs.js

@@ -0,0 +1,419 @@
+'use strict';
+
+const DEFAULT_TIMEOUT = 10000;
+function request(url, options, onSuccess, onError) {
+    try {
+        var req = new XMLHttpRequest();
+        var isTimeout = false;
+        options = options || {};
+        req.onreadystatechange = function () {
+            if (req.readyState === req.DONE) {
+                if (req.status >= 200 && req.status < 400) {
+                    let jsonResponse;
+                    try {
+                        jsonResponse = JSON.parse(req.responseText);
+                        onSuccess(jsonResponse);
+                    }
+                    catch (error) {
+                        return onError(error);
+                    }
+                }
+                else if (req.status === 0 && req.timeout > 0) {
+                    // Possible timeout, waiting for ontimeout event
+                    // Timeout will throw a status = 0 request
+                    // onreadystatechange preempts ontimeout
+                    // And we can't know for sure at this stage if it's a timeout
+                    setTimeout(function () {
+                        if (isTimeout) {
+                            return;
+                        }
+                        return onError(new Error('Request to ' + url + ' failed with status: ' + req.status));
+                    }, 500);
+                }
+                else {
+                    return onError(new Error('Request to ' + url + ' failed with status: ' + req.status));
+                }
+            }
+        };
+        req.open(options.method || 'GET', url, true);
+        if (options.timeout) {
+            req.timeout = options.timeout;
+        }
+        else {
+            req.timeout = DEFAULT_TIMEOUT;
+        }
+        req.ontimeout = function () {
+            isTimeout = true;
+            return onError(new Error('Request to ' + url + ' timed out'));
+        };
+        var headers = options.headers || {};
+        for (var name in headers) {
+            req.setRequestHeader(name, headers[name]);
+        }
+        req.send(options.body || null);
+    }
+    catch (error) {
+        return onError(error);
+    }
+}
+function addUrlParameter(url, name, value) {
+    url = parseUrl(url);
+    var newParam = name.concat('=', value);
+    var modified = false;
+    findByKey(name, url.params, function (index) {
+        url.params[index] = newParam;
+        modified = true;
+    });
+    if (!modified) {
+        url.params.push(newParam);
+    }
+    return buildUrl(url);
+}
+function removeUrlParameter(url, name) {
+    url = parseUrl(url);
+    findByKey(name, url.params, function (index) {
+        url.params.splice(index--, 1);
+    });
+    return buildUrl(url);
+}
+function parseUrl(url) {
+    var parts = url.split('?');
+    return {
+        address: parts[0],
+        params: (parts[1] || '').split('&').filter(Boolean),
+    };
+}
+function buildUrl(parts) {
+    return [parts.address, parts.params.join('&')].join('?').replace(/\??$/, '');
+}
+function findByKey(key, keyvals, callback) {
+    key += '=';
+    for (var index = 0; keyvals.length > index; index++) {
+        if (keyvals[index].trim().slice(0, key.length) === key) {
+            var value = keyvals[index].trim().slice(key.length);
+            if (callback) {
+                callback(index, value);
+            }
+            else {
+                return value;
+            }
+        }
+    }
+}
+function isCrossOrigin(link) {
+    return (link.protocol !== window.location.protocol ||
+        link.hostname !== window.location.hostname ||
+        (link.port || '80') !== (window.location.port || '80'));
+}
+function getOriginFromLink(link) {
+    var origin = link.protocol.concat('//', link.hostname);
+    if (link.port && link.port !== '80' && link.port !== '443') {
+        origin = origin.concat(':', link.port);
+    }
+    return origin;
+}
+function isBrowser() {
+    return typeof module === 'undefined';
+}
+function setCookie({ name, value, lifetime }) {
+    // const encodedValue = encodeURIComponent(value)
+    const encodedValue = value;
+    document.cookie = name
+        .concat('=', encodedValue)
+        .concat('; path=/', '; max-age='.concat(lifetime.toString()), document.location.protocol === 'https:' ? '; Secure' : '');
+}
+function getCookie(name, defaultValue) {
+    name += '=';
+    const cookies = document.cookie.split(';');
+    let cookie = null;
+    for (let i = 0; i < cookies.length; i++) {
+        let currentCookie = cookies[i].trim();
+        if (currentCookie.indexOf(name) === 0) {
+            cookie = currentCookie;
+            break;
+        }
+    }
+    if (cookie) {
+        return decodeURIComponent(cookie.trim().slice(name.length));
+    }
+    return defaultValue || null;
+}
+function validateConsentObject(response) {
+    try {
+        if (typeof response !== 'object' || response === null) {
+            return false;
+        }
+        var expectedKeys = ['essential', 'settings', 'usage', 'campaigns'];
+        var allKeysPresent = true;
+        var responseKeysCount = 0;
+        for (var i = 0; i < expectedKeys.length; i++) {
+            if (!(expectedKeys[i] in response)) {
+                allKeysPresent = false;
+                break;
+            }
+        }
+        var allValuesBoolean = true;
+        for (var key in response) {
+            if (response.hasOwnProperty(key)) {
+                responseKeysCount++;
+                if (typeof response[key] !== 'boolean') {
+                    allValuesBoolean = false;
+                    break;
+                }
+            }
+        }
+        var correctNumberOfKeys = responseKeysCount === expectedKeys.length;
+    }
+    catch (err) {
+        return false;
+    }
+    return allKeysPresent && allValuesBoolean && correctNumberOfKeys;
+}
+
+const COOKIE_DAYS = 365;
+class GovConsentConfig {
+    constructor(baseUrl) {
+        this.uidFromCookie = findByKey(GovConsentConfig.UID_KEY, document.cookie.split(';'));
+        this.uidFromUrl = findByKey(GovConsentConfig.UID_KEY, parseUrl(location.href).params);
+        this.baseUrl = baseUrl;
+    }
+}
+GovConsentConfig.UID_KEY = 'gov_singleconsent_uid';
+GovConsentConfig.CONSENTS_COOKIE_NAME = 'cookies_policy';
+GovConsentConfig.PREFERENCES_SET_COOKIE_NAME = 'cookies_preferences_set';
+GovConsentConfig.COOKIE_LIFETIME = COOKIE_DAYS * 24 * 60 * 60;
+
+class ApiV1 {
+    constructor(baseUrl) {
+        this.version = 'v1';
+        this.baseUrl = baseUrl;
+    }
+    buildUrl(endpoint, pathParam) {
+        let url = `${this.baseUrl}/api/${this.version}${endpoint}`;
+        if (pathParam) {
+            url += `/${pathParam}`;
+        }
+        return url;
+    }
+    origins() {
+        return this.buildUrl(ApiV1.Routes.origins);
+    }
+    consents(id) {
+        return this.buildUrl(ApiV1.Routes.consents, id || '');
+    }
+}
+ApiV1.Routes = {
+    origins: '/origins',
+    consents: '/consent',
+};
+
+class GovSingleConsent {
+    constructor(consentsUpdateCallback, baseUrlOrEnv) {
+        /**
+          Initialises _GovConsent object by performing the following:
+          1. Removes 'uid' from URL.
+          2. Sets 'uid' attribute from cookie or URL.
+          3. Fetches consent status from API if 'uid' exists.
+          4. Notifies event listeners with API response.
+    
+          @arg baseUrl: string - the domain of where the single consent API is. Required.
+          @arg consentsUpdateCallback: function(consents, consentsPreferencesSet, error) - callback when the consents are updated
+          "consents": this is the consents object. It has the following properties: "essential", "usage", "campaigns", "settings". Each property is a boolean.
+          "consentsPreferencesSet": true if the consents have been set for this user and this domain. Typically, only display the cookie banner if this is true.
+          "error": if an error occurred, this is the error object. Otherwise, this is null.
+          */
+        this.cachedConsentsCookie = null;
+        this.validateConstructorArguments(baseUrlOrEnv, consentsUpdateCallback);
+        const baseUrl = this.resolveBaseUrl(baseUrlOrEnv);
+        this._consentsUpdateCallback = consentsUpdateCallback;
+        this.config = new GovConsentConfig(baseUrl);
+        this.urls = new ApiV1(this.config.baseUrl);
+        window.cachedConsentsCookie = null;
+        this.hideUIDParameter();
+        this.initialiseUIDandConsents();
+    }
+    validateConstructorArguments(baseUrlOrEnv, consentsUpdateCallback) {
+        if (!baseUrlOrEnv) {
+            throw new Error('Argument baseUrl is required');
+        }
+        if (typeof baseUrlOrEnv !== 'string') {
+            throw new Error('Argument baseUrl must be a string');
+        }
+        if (!consentsUpdateCallback) {
+            throw new Error('Argument consentsUpdateCallback is required');
+        }
+        if (typeof consentsUpdateCallback !== 'function') {
+            throw new Error('Argument consentsUpdateCallback must be a function');
+        }
+    }
+    resolveBaseUrl(baseUrlOrEnv) {
+        if (baseUrlOrEnv === 'staging') {
+            return 'https://gds-single-consent-staging.app';
+        }
+        else if (baseUrlOrEnv === 'production') {
+            return 'https://gds-single-consent.app';
+        }
+        // If not "staging" or "production", assume it's a custom URL
+        return baseUrlOrEnv;
+    }
+    initialiseUIDandConsents() {
+        const currentUID = this.getCurrentUID();
+        if (this.isNewUID(currentUID)) {
+            this.handleNewUID(currentUID);
+        }
+        if (this.uid) {
+            this.fetchAndUpdateConsents();
+        }
+        else {
+            this._consentsUpdateCallback(null, false, null);
+        }
+    }
+    handleNewUID(newUID) {
+        this.uid = newUID;
+        this.updateLinksEventHandlers(newUID);
+        this.setUIDCookie(newUID);
+    }
+    isNewUID(currentUID) {
+        return currentUID && currentUID !== this.uid;
+    }
+    fetchAndUpdateConsents() {
+        const consentsUrl = this.urls.consents(this.uid);
+        request(consentsUrl, { timeout: 1000 }, (jsonResponse) => {
+            if (!validateConsentObject(jsonResponse.status)) {
+                const error = new Error('Invalid consents object returned from the API: ' + JSON.stringify(jsonResponse));
+                return this.defaultToRejectAllConsents(error);
+            }
+            const consents = jsonResponse.status;
+            this.updateBrowserConsents(consents);
+            this._consentsUpdateCallback(consents, GovSingleConsent.isConsentPreferencesSet(), null);
+        }, (error) => this.defaultToRejectAllConsents(error));
+    }
+    getCurrentUID() {
+        // Get the current uid from URL or from the cookie if it exists
+        return this.config.uidFromUrl || this.config.uidFromCookie;
+    }
+    setConsents(consents) {
+        if (!consents) {
+            throw new Error('consents is required in GovSingleConsent.setConsents()');
+        }
+        const successCallback = (response) => {
+            if (!response.uid) {
+                throw new Error('No UID returned from the API');
+            }
+            if (this.isNewUID(response.uid)) {
+                this.handleNewUID(response.uid);
+            }
+            this.updateBrowserConsents(consents);
+            this._consentsUpdateCallback(consents, GovSingleConsent.isConsentPreferencesSet(), null);
+        };
+        const url = this.urls.consents(this.uid);
+        request(url, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: 'status='.concat(JSON.stringify(consents)),
+        }, successCallback, (error) => this.defaultToRejectAllConsents(error));
+    }
+    defaultToRejectAllConsents(error) {
+        this.updateBrowserConsents(GovSingleConsent.REJECT_ALL);
+        this._consentsUpdateCallback(GovSingleConsent.REJECT_ALL, GovSingleConsent.isConsentPreferencesSet(), error);
+    }
+    static getConsents() {
+        if (window.cachedConsentsCookie) {
+            return window.cachedConsentsCookie;
+        }
+        const cookieValue = getCookie(GovConsentConfig.CONSENTS_COOKIE_NAME, null);
+        if (cookieValue) {
+            return JSON.parse(cookieValue);
+        }
+        return null;
+    }
+    static hasConsentedToEssential() {
+        const consents = GovSingleConsent.getConsents();
+        return consents === null || consents === void 0 ? void 0 : consents.essential;
+    }
+    static hasConsentedToUsage() {
+        const consents = GovSingleConsent.getConsents();
+        return consents === null || consents === void 0 ? void 0 : consents.usage;
+    }
+    static hasConsentedToCampaigns() {
+        const consents = GovSingleConsent.getConsents();
+        return consents === null || consents === void 0 ? void 0 : consents.campaigns;
+    }
+    static hasConsentedToSettings() {
+        const consents = GovSingleConsent.getConsents();
+        return consents === null || consents === void 0 ? void 0 : consents.settings;
+    }
+    static isConsentPreferencesSet() {
+        const value = getCookie(GovConsentConfig.PREFERENCES_SET_COOKIE_NAME, null);
+        return value === 'true';
+    }
+    updateLinksEventHandlers(currentUID) {
+        request(this.urls.origins(), {}, 
+        // Update links with UID
+        (origins) => this.addUIDtoCrossOriginLinks(origins, currentUID), (error) => {
+            throw error;
+        });
+    }
+    addUIDtoCrossOriginLinks(origins, uid) {
+        /**
+         * Adds uid URL parameter to consent sharing links.
+         * Only links with known origins are updated.
+         */
+        const links = document.querySelectorAll('a[href]');
+        Array.prototype.forEach.call(links, (link) => {
+            if (isCrossOrigin(link) &&
+                origins.indexOf(getOriginFromLink(link)) >= 0) {
+                link.addEventListener('click', (event) => {
+                    event.target.href = addUrlParameter(event.target.href, GovConsentConfig.UID_KEY, uid);
+                });
+            }
+        });
+    }
+    setUIDCookie(uid) {
+        setCookie({
+            name: GovConsentConfig.UID_KEY,
+            value: uid,
+            lifetime: GovConsentConfig.COOKIE_LIFETIME,
+        });
+    }
+    updateBrowserConsents(consents) {
+        this.setConsentsCookie(consents);
+        this.setPreferencesSetCookie(true);
+        window.cachedConsentsCookie = consents;
+    }
+    setConsentsCookie(consents) {
+        setCookie({
+            name: GovConsentConfig.CONSENTS_COOKIE_NAME,
+            value: JSON.stringify(consents),
+            lifetime: GovConsentConfig.COOKIE_LIFETIME,
+        });
+    }
+    setPreferencesSetCookie(value) {
+        setCookie({
+            name: GovConsentConfig.PREFERENCES_SET_COOKIE_NAME,
+            value: value.toString(),
+            lifetime: GovConsentConfig.COOKIE_LIFETIME,
+        });
+    }
+    hideUIDParameter() {
+        history.replaceState(null, null, removeUrlParameter(location.href, GovConsentConfig.UID_KEY));
+    }
+}
+GovSingleConsent.ACCEPT_ALL = {
+    essential: true,
+    usage: true,
+    campaigns: true,
+    settings: true,
+};
+GovSingleConsent.REJECT_ALL = {
+    essential: true,
+    usage: false,
+    campaigns: false,
+    settings: false,
+};
+
+if (isBrowser()) {
+    window.GovSingleConsent = GovSingleConsent;
+}
+
+exports.GovSingleConsent = GovSingleConsent;