@dwp/govuk-casa 8.4.0 → 8.5.2
- package/CHANGELOG.md +11 -0
- package/dist/assets/css/casa-ie8.css +1 -1
- package/dist/assets/css/casa.css +1 -1
- package/dist/lib/field.d.ts +1 -0
- package/dist/lib/field.js +7 -1
- package/dist/lib/nunjucks-filters.d.ts +15 -3
- package/dist/lib/nunjucks-filters.js +9 -4
- package/dist/middleware/post.js +6 -6
- package/dist/middleware/pre.js +24 -8
- package/package.json +23 -23
|
@@ -54,12 +54,17 @@ exports.includes = includes;
|
|
|
54
54
|
* object - {dd:'', mm:'', yyyy:''}
|
|
55
55
|
*
|
|
56
56
|
* @memberof NunjucksFilters
|
|
57
|
-
* @param {object} date Date
|
|
58
|
-
* @param {
|
|
57
|
+
* @param {object} date Date
|
|
58
|
+
* @param {string} date.dd Day
|
|
59
|
+
* @param {string} date.mm Month
|
|
60
|
+
* @param {string} date.yyyy Year
|
|
61
|
+
* @param {object} [config] Options
|
|
62
|
+
* @param {string} [config.locale] Locale (default 'en')
|
|
63
|
+
* @param {string} [config.format] Format (default 'd MMMM yyyy')
|
|
59
64
|
* @returns {string} Formatted date
|
|
60
65
|
*/
|
|
61
66
|
function formatDateObject(date, config = {}) {
|
|
62
|
-
const { locale = 'en' } = config;
|
|
67
|
+
const { locale = 'en', format = 'd MMMM yyyy' } = config;
|
|
63
68
|
if (Object.prototype.toString.call(date) === '[object Object]'
|
|
64
69
|
&& 'yyyy' in date
|
|
65
70
|
&& 'mm' in date
|
|
@@ -68,7 +73,7 @@ function formatDateObject(date, config = {}) {
|
|
|
68
73
|
year: Math.max(0, parseInt(date.yyyy, 10)),
|
|
69
74
|
month: Math.max(0, parseInt(date.mm, 10)),
|
|
70
75
|
day: Math.max(1, parseInt(date.dd, 10)),
|
|
71
|
-
}).setLocale(locale).toFormat(
|
|
76
|
+
}).setLocale(locale).toFormat(format);
|
|
72
77
|
}
|
|
73
78
|
return 'INVALID DATE OBJECT';
|
|
74
79
|
}
|
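--- a/package/dist/middleware/post.js
+++ b/package/dist/middleware/post.js
@@ -26,31 +26,31 @@ function postMiddleware() {
 // CSRF token is invalid in some way
 if ((err === null || err === void 0 ? void 0 : err.code) === 'EBADCSRFTOKEN') {
 log.info('CSRF validation has failed. This may be caused by the user submitting a stale form from a previous session [EBADCSRFTOKEN]');
-return res.status(403).render(TEMPLATE, { errorCode: 'bad_csrf_token' });
+return res.status(403).render(TEMPLATE, { errorCode: 'bad_csrf_token', error: err });
 }
 // Body parsing verification check failed
 if ((err === null || err === void 0 ? void 0 : err.type) === 'entity.verify.failed') {
 log.info('Body parser verification has failed. This has been caused by the user submitting a payload containing invalid data [entity.verify.failed]');
-return res.status(403).render(TEMPLATE, { errorCode: 'invalid_payload' });
+return res.status(403).render(TEMPLATE, { errorCode: 'invalid_payload', error: err });
 }
 // Too many parameters submitted
 if ((err === null || err === void 0 ? void 0 : err.type) === 'parameters.too.many') {
 log.info('The request contains more parameters than is currently allowed [parameters.too.many]');
-return res.status(413).render(TEMPLATE, { errorCode: 'parameter_limit_exceeded' });
+return res.status(413).render(TEMPLATE, { errorCode: 'parameter_limit_exceeded', error: err });
 }
 // Overall payload too large
 if ((err === null || err === void 0 ? void 0 : err.type) === 'entity.too.large') {
 log.info(`The request payload is too large. Received ${err.length}b with a maximum of ${err.limit}b [parameters.too.many]`);
-return res.status(413).render(TEMPLATE, { errorCode: 'payload_size_exceeded' });
+return res.status(413).render(TEMPLATE, { errorCode: 'payload_size_exceeded', error: err });
 }
 // Unaccept request method
 if ((err === null || err === void 0 ? void 0 : err.code) === 'unaccepted_request_method') {
 log.info(err.message);
-return res.status(400).render(TEMPLATE, { errorCode: 'unaccepted_request_method' });
+return res.status(400).render(TEMPLATE, { errorCode: 'unaccepted_request_method', error: err });
 }
 // Unknown error
 log.error(`Unknown error: ${err.message}; stacktrace: ${err.stack}`);
-return res.status(200).render(TEMPLATE);
+return res.status(200).render(TEMPLATE, { error: err });
 },
 ];
 }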
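Review bot: Every branch now hands the raw `err` object to the view as `error`, including the unknown-error branch at the end of the hunk, so whether `err.message` or `err.stack` reaches the browser depends entirely on what TEMPLATE (or a consumer's override of it) prints; the template is not visible here. Passing a narrowed value such as `error: { code: err.code, type: err.type }` would keep internal detail in the log only. If the full object must stay, a comment like `// error is exposed for template logic only; never output error.message or error.stack` above the first render call would record the constraint. The enclosing postMiddleware function starts outside the hunk.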
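--- a/package/dist/middleware/pre.js
+++ b/package/dist/middleware/pre.js
@@ -5,13 +5,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const crypto_1 = require("crypto");
 const helmet_1 = __importDefault(require("helmet"));
-const GA_DOMAIN = '*.google-analytics.com';
-const GA_ANALYTICS_DOMAIN = '*.analytics.google.com';
-const GTM_DOMAIN = 'www.googletagmanager.com';
 /**
 * @access private
 * @typedef {import('../casa').HelmetConfigurator} HelmetConfigurator
 */
+const GA_DOMAIN = '*.google-analytics.com';
+const GA_ANALYTICS_DOMAIN = '*.analytics.google.com';
+const GTM_DOMAIN = '*.googletagmanager.com';
+const GTM_PREVIEW_DOMAIN = 'https://tagmanager.google.com';
+/**
+* Extracts the CSP nonce used in every template, and makes it available as a
+* nonce value in the CSP header.
+*
+* IMPORTANT: Do not rename this function as it _might_ be used in consumer code
+* to identify this function specifically, most likely to remove it from CSP
+* headers for custom purposes.
+*
+* @param {import('express').Request} req Request
+* @param {import('express').Response} res Response
+* @returns {string} nonce value suitable for use in CSP header
+*/
+function casaCspNonce(req, res) {
+return `'nonce-${res.locals.cspNonce}'`;
+}
 /**
 * Pre middleware.
 *
@@ -55,14 +71,14 @@ exports.default = ({ helmetConfigurator = (config) => (config), } = {}) => [
 useDefaults: true,
 directives: {
 'default-src': ["'none'"],
-'script-src': ["'self'", GA_DOMAIN, GTM_DOMAIN,
-'img-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN],
-'connect-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN],
+'script-src': ["'self'", GA_DOMAIN, GTM_DOMAIN, GTM_PREVIEW_DOMAIN, casaCspNonce],
+'img-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN, GTM_DOMAIN, 'https://ssl.gstatic.com', 'https://www.gstatic.com'],
+'connect-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN, GTM_DOMAIN],
 'frame-src': ["'self'", GTM_DOMAIN],
 'frame-ancestors': ["'self'"],
 'form-action': ["'self'"],
-'style-src': ["'self'",
-'font-src': ["'self'"],
+'style-src': ["'self'", 'https://fonts.googleapis.com', GTM_PREVIEW_DOMAIN, casaCspNonce],
+'font-src': ["'self'", 'data:', 'https://fonts.gstatic.com'],
 },
 },
 // // Require referrer to aid navigation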
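Review bot: `casaCspNonce` in the first hunk interpolates `res.locals.cspNonce` without checking that it is set, so if the step that generates the nonce has not run for a request (that step is outside the visible hunks) the header would carry the fixed value `'nonce-undefined'` rather than a per-response secret. A guard before the return, `if (typeof res.locals.cspNonce !== 'string' || res.locals.cspNonce === '') throw new Error('CSP nonce missing');`, would make that case fail closed. Separately, the second hunk widens the defaults for every consumer (`*.googletagmanager.com` in place of the single `www` host, the gstatic and Google Fonts origins, `data:` in `font-src`). These look like they serve GTM preview mode, so a comment above `directives` saying so and pointing to `helmetConfigurator` for trimming them would help services that do not use GTM.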
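--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@dwp/govuk-casa",
-"version": "8.
+"version": "8.5.2",
 "description": "A framework for building GOVUK Collect-And-Submit-Applications",
 "repository": {
 "type": "git",
@@ -46,12 +46,12 @@
 "csurf": "1.11.0",
 "debug": "4.3.4",
 "deepmerge": "4.2.2",
-"express": "4.18.
+"express": "4.18.2",
 "express-session": "1.17.3",
-"govuk-frontend": "4.
+"govuk-frontend": "4.3.1",
 "graphlib": "2.1.8",
-"helmet": "5.1.
-"i18next": "21.
+"helmet": "5.1.1",
+"i18next": "21.10.0",
 "i18next-http-middleware": "3.2.1",
 "js-yaml": "4.1.0",
 "lodash": "4.17.21",
@@ -62,38 +62,38 @@
 "validator": "13.7.0"
 },
 "devDependencies": {
-"@babel/core": "7.
-"@babel/eslint-parser": "7.
-"@babel/preset-env": "7.
-"@ckeditor/jsdoc-plugins": "30.
-"@commitlint/config-conventional": "17.0
+"@babel/core": "7.19.6",
+"@babel/eslint-parser": "7.19.1",
+"@babel/preset-env": "7.19.4",
+"@ckeditor/jsdoc-plugins": "30.5.0",
+"@commitlint/config-conventional": "17.1.0",
 "@dwp/casa-spiderplan": "2.4.1",
 "@dwp/casa-spiderplan-a11y-plugin": "0.1.4",
 "@dwp/casa-spiderplan-zap-plugin": "0.1.1",
 "@dwp/eslint-config-base": "6.0.0",
-"@types/express": "4.17.
-"@types/node": "18.
+"@types/express": "4.17.14",
+"@types/node": "18.11.8",
 "@types/nunjucks": "3.2.1",
 "babel-eslint": "10.1.0",
-"c8": "7.
+"c8": "7.12.0",
 "chai": "4.3.6",
 "cheerio": "1.0.0-rc.12",
-"commitlint": "17.
+"commitlint": "17.1.2",
 "docdash": "1.2.0",
-"eslint": "8.
+"eslint": "8.26.0",
 "eslint-plugin-no-unsafe-regex": "1.0.0",
 "eslint-plugin-security": "1.5.0",
-"eslint-plugin-sonarjs": "0.
-"fast-check": "3.0
+"eslint-plugin-sonarjs": "0.16.0",
+"fast-check": "3.3.0",
 "husky": "8.0.1",
-"jsdoc": "3.6.
+"jsdoc": "3.6.11",
 "jsdoc-tsimport-plugin": "1.0.5",
-"mocha": "10.
-"sass": "1.
-"sinon": "14.0.
+"mocha": "10.1.0",
+"sass": "1.55.0",
+"sinon": "14.0.1",
 "sinon-chai": "3.7.0",
 "standard-version": "9.5.0",
-"supertest": "6.
-"typescript": "4.
+"supertest": "6.3.1",
+"typescript": "4.8.4"
 }
 }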