@dwp/govuk-casa 8.4.0 → 8.5.2

@@ -54,12 +54,17 @@ exports.includes = includes;
54
54
  * object - {dd:'', mm:'', yyyy:''}
55
55
  *
56
56
  * @memberof NunjucksFilters
57
- * @param {object} date Date (see supported formats above)
58
- * @param {object} config Holds locale
57
+ * @param {object} date Date
58
+ * @param {string} date.dd Day
59
+ * @param {string} date.mm Month
60
+ * @param {string} date.yyyy Year
61
+ * @param {object} [config] Options
62
+ * @param {string} [config.locale] Locale (default 'en')
63
+ * @param {string} [config.format] Format (default 'd MMMM yyyy')
59
64
  * @returns {string} Formatted date
60
65
  */
61
66
  function formatDateObject(date, config = {}) {
62
- const { locale = 'en' } = config;
67
+ const { locale = 'en', format = 'd MMMM yyyy' } = config;
63
68
  if (Object.prototype.toString.call(date) === '[object Object]'
64
69
  && 'yyyy' in date
65
70
  && 'mm' in date
@@ -68,7 +73,7 @@ function formatDateObject(date, config = {}) {
68
73
  year: Math.max(0, parseInt(date.yyyy, 10)),
69
74
  month: Math.max(0, parseInt(date.mm, 10)),
70
75
  day: Math.max(1, parseInt(date.dd, 10)),
71
- }).setLocale(locale).toFormat('d MMMM yyyy');
76
+ }).setLocale(locale).toFormat(format);
72
77
  }
73
78
  return 'INVALID DATE OBJECT';
74
79
  }
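Review bot: The new `config.format` value reaches `.toFormat(format)` in the second hunk without a type check, and the destructuring default `format = 'd MMMM yyyy'` only applies when the property is `undefined`. A template that passes `null`, an empty string or a non-string therefore bypasses the default and goes straight to the date library, which may throw or render something other than the documented fallback; this is not confirmed from the page, because the library import is outside the hunks. Consider normalising first, e.g. `const fmt = typeof format === 'string' && format !== '' ? format : 'd MMMM yyyy';`, and noting in the JSDoc that `format` is a token string meant to be a fixed template value rather than request data. The lines of formatDateObject between the two hunks are not shown.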
@@ -26,31 +26,31 @@ function postMiddleware() {
26
26
  // CSRF token is invalid in some way
27
27
  if ((err === null || err === void 0 ? void 0 : err.code) === 'EBADCSRFTOKEN') {
28
28
  log.info('CSRF validation has failed. This may be caused by the user submitting a stale form from a previous session [EBADCSRFTOKEN]');
29
- return res.status(403).render(TEMPLATE, { errorCode: 'bad_csrf_token' });
29
+ return res.status(403).render(TEMPLATE, { errorCode: 'bad_csrf_token', error: err });
30
30
  }
31
31
  // Body parsing verification check failed
32
32
  if ((err === null || err === void 0 ? void 0 : err.type) === 'entity.verify.failed') {
33
33
  log.info('Body parser verification has failed. This has been caused by the user submitting a payload containing invalid data [entity.verify.failed]');
34
- return res.status(403).render(TEMPLATE, { errorCode: 'invalid_payload' });
34
+ return res.status(403).render(TEMPLATE, { errorCode: 'invalid_payload', error: err });
35
35
  }
36
36
  // Too many parameters submitted
37
37
  if ((err === null || err === void 0 ? void 0 : err.type) === 'parameters.too.many') {
38
38
  log.info('The request contains more parameters than is currently allowed [parameters.too.many]');
39
- return res.status(413).render(TEMPLATE, { errorCode: 'parameter_limit_exceeded' });
39
+ return res.status(413).render(TEMPLATE, { errorCode: 'parameter_limit_exceeded', error: err });
40
40
  }
41
41
  // Overall payload too large
42
42
  if ((err === null || err === void 0 ? void 0 : err.type) === 'entity.too.large') {
43
43
  log.info(`The request payload is too large. Received ${err.length}b with a maximum of ${err.limit}b [parameters.too.many]`);
44
- return res.status(413).render(TEMPLATE, { errorCode: 'payload_size_exceeded' });
44
+ return res.status(413).render(TEMPLATE, { errorCode: 'payload_size_exceeded', error: err });
45
45
  }
46
46
  // Unaccept request method
47
47
  if ((err === null || err === void 0 ? void 0 : err.code) === 'unaccepted_request_method') {
48
48
  log.info(err.message);
49
- return res.status(400).render(TEMPLATE, { errorCode: 'unaccepted_request_method' });
49
+ return res.status(400).render(TEMPLATE, { errorCode: 'unaccepted_request_method', error: err });
50
50
  }
51
51
  // Unknown error
52
52
  log.error(`Unknown error: ${err.message}; stacktrace: ${err.stack}`);
53
- return res.status(200).render(TEMPLATE);
53
+ return res.status(200).render(TEMPLATE, { error: err });
54
54
  },
55
55
  ];
56
56
  }
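Review bot: Passing the raw `err` object into the render context (`error: err`, in all six `render` calls of this hunk) hands templates everything the error carries: `err.stack`, internal messages and, for body-parser failures such as `entity.verify.failed`, typically an `err.body` property holding the rejected request payload. Whether any of that reaches the response depends on the template, which is not on this page, but a consumer-overridden template that prints `error` would disclose stack traces or echo attacker-supplied content. A narrowed copy is safer, e.g. `error: { code: err.code, type: err.type, message: err.message }`, or at least document that `error` is for diagnostics and must not be rendered verbatim. The unknown-error branch also still answers with `res.status(200)`, so monitoring and caches see a success where `500` would be more accurate. postMiddleware begins before the hunk.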
@@ -5,13 +5,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
5
5
  Object.defineProperty(exports, "__esModule", { value: true });
6
6
  const crypto_1 = require("crypto");
7
7
  const helmet_1 = __importDefault(require("helmet"));
8
- const GA_DOMAIN = '*.google-analytics.com';
9
- const GA_ANALYTICS_DOMAIN = '*.analytics.google.com';
10
- const GTM_DOMAIN = 'www.googletagmanager.com';
11
8
  /**
12
9
  * @access private
13
10
  * @typedef {import('../casa').HelmetConfigurator} HelmetConfigurator
14
11
  */
12
+ const GA_DOMAIN = '*.google-analytics.com';
13
+ const GA_ANALYTICS_DOMAIN = '*.analytics.google.com';
14
+ const GTM_DOMAIN = '*.googletagmanager.com';
15
+ const GTM_PREVIEW_DOMAIN = 'https://tagmanager.google.com';
16
+ /**
17
+ * Extracts the CSP nonce used in every template, and makes it available as a
18
+ * nonce value in the CSP header.
19
+ *
20
+ * IMPORTANT: Do not rename this function as it _might_ be used in consumer code
21
+ * to identify this function specifically, most likely to remove it from CSP
22
+ * headers for custom purposes.
23
+ *
24
+ * @param {import('express').Request} req Request
25
+ * @param {import('express').Response} res Response
26
+ * @returns {string} nonce value suitable for use in CSP header
27
+ */
28
+ function casaCspNonce(req, res) {
29
+ return `'nonce-${res.locals.cspNonce}'`;
30
+ }
15
31
  /**
16
32
  * Pre middleware.
17
33
  *
@@ -55,14 +71,14 @@ exports.default = ({ helmetConfigurator = (config) => (config), } = {}) => [
55
71
  useDefaults: true,
56
72
  directives: {
57
73
  'default-src': ["'none'"],
58
- 'script-src': ["'self'", GA_DOMAIN, GTM_DOMAIN, (req, res) => `'nonce-${res.locals.cspNonce}'`],
59
- 'img-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN],
60
- 'connect-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN],
74
+ 'script-src': ["'self'", GA_DOMAIN, GTM_DOMAIN, GTM_PREVIEW_DOMAIN, casaCspNonce],
75
+ 'img-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN, GTM_DOMAIN, 'https://ssl.gstatic.com', 'https://www.gstatic.com'],
76
+ 'connect-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN, GTM_DOMAIN],
61
77
  'frame-src': ["'self'", GTM_DOMAIN],
62
78
  'frame-ancestors': ["'self'"],
63
79
  'form-action': ["'self'"],
64
- 'style-src': ["'self'", (req, res) => `'nonce-${res.locals.cspNonce}'`],
65
- 'font-src': ["'self'"],
80
+ 'style-src': ["'self'", 'https://fonts.googleapis.com', GTM_PREVIEW_DOMAIN, casaCspNonce],
81
+ 'font-src': ["'self'", 'data:', 'https://fonts.gstatic.com'],
66
82
  },
67
83
  },
68
84
  // // Require referrer to aid navigation
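Review bot: The default CSP gets noticeably wider for every consumer here: `GTM_DOMAIN` changes from `www.googletagmanager.com` to `*.googletagmanager.com` (which also loosens the unchanged `frame-src` line), `script-src` and `style-src` gain `https://tagmanager.google.com`, and `font-src` gains `data:`. These look like the origins Tag Manager's preview mode needs, yet they apply to deployments that never load GTM, and host allowlists in `script-src` are only as trustworthy as everything those hosts serve. I would put the preview origins behind an opt-in option, or at minimum add a comment above the constants such as `// GTM preview-mode origins; remove via helmetConfigurator if GTM is not used`. Separately, `casaCspNonce` interpolates `res.locals.cspNonce` unchecked, so if the nonce were ever unset the header would carry the guessable `'nonce-undefined'`; a guard that throws when it is missing would fail closed. The directives object and the middleware array continue beyond the hunk.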
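--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@dwp/govuk-casa",
- "version": "8.4.0",
+ "version": "8.5.2",
  "description": "A framework for building GOVUK Collect-And-Submit-Applications",
  "repository": {
  "type": "git",
@@ -46,12 +46,12 @@
  "csurf": "1.11.0",
  "debug": "4.3.4",
  "deepmerge": "4.2.2",
- "express": "4.18.1",
+ "express": "4.18.2",
  "express-session": "1.17.3",
- "govuk-frontend": "4.2.0",
+ "govuk-frontend": "4.3.1",
  "graphlib": "2.1.8",
- "helmet": "5.1.0",
- "i18next": "21.8.14",
+ "helmet": "5.1.1",
+ "i18next": "21.10.0",
  "i18next-http-middleware": "3.2.1",
  "js-yaml": "4.1.0",
  "lodash": "4.17.21",
@@ -62,38 +62,38 @@
  "validator": "13.7.0"
  },
  "devDependencies": {
- "@babel/core": "7.18.9",
- "@babel/eslint-parser": "7.18.9",
- "@babel/preset-env": "7.18.9",
- "@ckeditor/jsdoc-plugins": "30.3.2",
- "@commitlint/config-conventional": "17.0.3",
+ "@babel/core": "7.19.6",
+ "@babel/eslint-parser": "7.19.1",
+ "@babel/preset-env": "7.19.4",
+ "@ckeditor/jsdoc-plugins": "30.5.0",
+ "@commitlint/config-conventional": "17.1.0",
  "@dwp/casa-spiderplan": "2.4.1",
  "@dwp/casa-spiderplan-a11y-plugin": "0.1.4",
  "@dwp/casa-spiderplan-zap-plugin": "0.1.1",
  "@dwp/eslint-config-base": "6.0.0",
- "@types/express": "4.17.13",
- "@types/node": "18.0.0",
+ "@types/express": "4.17.14",
+ "@types/node": "18.11.8",
  "@types/nunjucks": "3.2.1",
  "babel-eslint": "10.1.0",
- "c8": "7.11.3",
+ "c8": "7.12.0",
  "chai": "4.3.6",
  "cheerio": "1.0.0-rc.12",
- "commitlint": "17.0.3",
+ "commitlint": "17.1.2",
  "docdash": "1.2.0",
- "eslint": "8.20.0",
+ "eslint": "8.26.0",
  "eslint-plugin-no-unsafe-regex": "1.0.0",
  "eslint-plugin-security": "1.5.0",
- "eslint-plugin-sonarjs": "0.13.0",
- "fast-check": "3.0.1",
+ "eslint-plugin-sonarjs": "0.16.0",
+ "fast-check": "3.3.0",
  "husky": "8.0.1",
- "jsdoc": "3.6.10",
+ "jsdoc": "3.6.11",
  "jsdoc-tsimport-plugin": "1.0.5",
- "mocha": "10.0.0",
- "sass": "1.53.0",
- "sinon": "14.0.0",
+ "mocha": "10.1.0",
+ "sass": "1.55.0",
+ "sinon": "14.0.1",
  "sinon-chai": "3.7.0",
  "standard-version": "9.5.0",
- "supertest": "6.2.4",
- "typescript": "4.7.4"
+ "supertest": "6.3.1",
+ "typescript": "4.8.4"
  }
  }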