-rw-r--r-- | perllib/FixMyStreet/Cobrand/FixMyStreet.pm | 10 | ||||
-rw-r--r-- | perllib/FixMyStreet/Cobrand/UK.pm | 5 | ||||
-rw-r--r-- | t/cobrand/councils.t | 24 |
3 files changed, 29 insertions, 10 deletions
diff --git a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
index 8ef51f328..0d2bf3663 100644
--- a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
+++ b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
@@ -4,8 +4,6 @@ use base 'FixMyStreet::Cobrand::UK';
 use strict;
 use warnings;
-use mySociety::Random;
-
 use constant COUNCIL_ID_BROMLEY => 2482;
 use constant COUNCIL_ID_ISLEOFWIGHT => 2636;
@@ -25,14 +23,6 @@ sub path_to_email_templates {
 ];
 }
-sub add_response_headers {
- my $self = shift;
- # uncoverable branch true
- return if $self->{c}->debug;
- my $csp_nonce = $self->{c}->stash->{csp_nonce} = unpack('h*', mySociety::Random::random_bytes(16, 1));
- $self->{c}->res->header('Content-Security-Policy', "script-src 'self' www.google-analytics.com www.googleadservices.com 'unsafe-inline' 'nonce-$csp_nonce'")
-}
-
 # FixMyStreet should return all cobrands
 sub restriction {
 return {};
diff --git a/perllib/FixMyStreet/Cobrand/UK.pm b/perllib/FixMyStreet/Cobrand/UK.pm
index 18bf01476..83df590db 100644
--- a/perllib/FixMyStreet/Cobrand/UK.pm
+++ b/perllib/FixMyStreet/Cobrand/UK.pm
@@ -11,6 +11,11 @@ sub country { return 'GB'; }
 sub area_types { [ 'DIS', 'LBO', 'MTD', 'UTA', 'CTY', 'COI', 'LGD' ] }
 sub area_types_children { $mySociety::VotingArea::council_child_types }
+sub csp_config {
+ my $self = shift;
+ return $self->feature('content_security_policy');
+}
+
 sub enter_postcode_text {
 my ( $self ) = @_;
 return _("Enter a nearby UK postcode, or street name and area");
diff --git a/t/cobrand/councils.t b/t/cobrand/councils.t
index a194a9be1..aac682b19 100644
--- a/t/cobrand/councils.t
+++ b/t/cobrand/councils.t
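Review bot: The new `csp_config` in perllib/FixMyStreet/Cobrand/UK.pm has no comment stating what its return value means, although the test in t/cobrand/councils.t relies on three distinct cases: feature unset (no header), `1` (base policy only) and a string that is appended to `script-src`. I would add above the sub `# Returns this cobrand's content_security_policy feature: false = send no CSP header, 1 = base policy only, any other string = extra script-src source(s).` The code that turns this value into the header is not part of this diff; as the string presumably reaches the header verbatim, it is worth confirming there that `;`, `,` and line breaks are rejected, so that a configuration mistake cannot add directives or split the header.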
@@ -90,5 +90,29 @@ subtest "Test update shown/not shown appropriately" => sub {
 }
 };
+subtest "CSP header from feature" => sub {
+ foreach my $cobrand (
+ { moniker => 'oxfordshire', test => 'oxon.analytics.example.org' },
+ { moniker =>'fixmystreet', test => '' },
+ { moniker => 'nonsecure', test => undef },
+ ) {
+ FixMyStreet::override_config {
+ ALLOWED_COBRANDS => $cobrand->{moniker},
+ COBRAND_FEATURES => {
+ content_security_policy => {
+ oxfordshire => 'oxon.analytics.example.org',
+ fixmystreet => 1,
+ }
+ },
+ }, sub {
+ $mech->get_ok("/");
+ if (defined $cobrand->{test}) {
+ like $mech->res->header('Content-Security-Policy'), qr/script-src 'self' 'unsafe-inline' 'nonce-[^']*' $cobrand->{test}/;
+ } else {
+ is $mech->res->header('Content-Security-Policy'), undef;
+ }
+ };
+ }
+};
 done_testing(); |
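Review bot: The `like` pattern in the new "CSP header from feature" subtest is looser than it reads, because `$cobrand->{test}` is interpolated unescaped and the pattern has no end anchor. The `fixmystreet` case (`test => ''`) therefore passes for any header that merely begins with the base policy, including one that still lists extra script hosts after the nonce, and `nonce-[^']*` also accepts an empty nonce. Something like `qr/script-src 'self' 'unsafe-inline' 'nonce-[^']+' \Q$cobrand->{test}\E(?:;|$)/` would pin the source list and require a non-empty nonce. The tail may need adjusting if the header carries further directives, since the code that builds it is not shown in this diff.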