CCM-5340: add test for ]connect-src
alexnuttall committed Feb 7, 2025
1 parent 64e111d commit d168bcc
Showing 2 changed files with 12 additions and 3 deletions.
10 changes: 8 additions & 2 deletions src/__tests__/middleware.test.ts
@@ -4,6 +4,12 @@
import { NextRequest } from 'next/server';
import { middleware } from '../middleware';

jest.mock('../utils/public-constants', () => ({
getConstants: () => ({
COGNITO_DOMAIN: 'auth.env.iam.dev.nhsnotify.national.nhs.uk',
}),
}));

const OLD_ENV = { ...process.env };
afterAll(() => {
process.env = OLD_ENV;
@@ -29,7 +35,7 @@ describe('middleware function', () => {
"font-src 'self' https://assets.nhs.uk",
"form-action 'self'",
"frame-src 'self'",
"connect-src 'self' https://cognito-idp.eu-west-2.amazonaws.com",
"connect-src 'self' https://cognito-idp.eu-west-2.amazonaws.com https://auth.env.iam.dev.nhsnotify.national.nhs.uk/oauth2/token",
"img-src 'self'",
"manifest-src 'self'",
"object-src 'none'",
@@ -51,7 +57,7 @@ describe('middleware function', () => {
"font-src 'self' https://assets.nhs.uk",
"form-action 'self'",
"frame-src 'self'",
"connect-src 'self' https://cognito-idp.eu-west-2.amazonaws.com",
"connect-src 'self' https://cognito-idp.eu-west-2.amazonaws.com https://auth.env.iam.dev.nhsnotify.national.nhs.uk/oauth2/token",
"img-src 'self'",
"manifest-src 'self'",
"object-src 'none'",
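Review bot: The two updated `connect-src` expectations only cover a well-formed mocked `COGNITO_DOMAIN`, so nothing pins what the header contains when the constant is missing or empty. Because `src/middleware.ts` reads the constant once at module scope, such a case needs the module re-imported under a different mock, for example inside `jest.isolateModules`. For the same reason the mocked value must stay an inline literal in the `jest.mock` factory, since a shared `const` declared below the imports would not be initialised when the middleware module is first loaded. The test bodies around these arrays lie outside the visible hunks, so coverage elsewhere in the file cannot be ruled out.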
5 changes: 4 additions & 1 deletion src/middleware.ts
@@ -1,4 +1,7 @@
import { NextRequest, NextResponse } from 'next/server';
import { getConstants } from './utils/public-constants';

const { COGNITO_DOMAIN } = getConstants();

function getContentSecurityPolicy(nonce: string) {
const contentSecurityPolicyDirective = {
@@ -11,7 +14,7 @@ function getContentSecurityPolicy(nonce: string) {
'connect-src': [
`'self'`,
'https://cognito-idp.eu-west-2.amazonaws.com',
'https://nhs-notify-975050048865-eu-west-2-alnu1-app.auth.eu-west-2.amazoncognito.com/oauth2/token',
`https://${COGNITO_DOMAIN}/oauth2/token`,
],
'img-src': [`'self'`],
'manifest-src': [`'self'`],
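Review bot: `COGNITO_DOMAIN` is interpolated into the `connect-src` source list as `https://${COGNITO_DOMAIN}/oauth2/token` with no check on its shape. If `getConstants()` returns it unset, the header carries `https://undefined/oauth2/token`, and a value containing whitespace or `;` would add sources or directives to the policy; `getConstants` is not shown on this page, so it may already validate. A guard next to the destructuring, such as `if (!/^[a-z0-9.-]+$/i.test(COGNITO_DOMAIN ?? '')) throw new Error('COGNITO_DOMAIN is not a valid hostname');`, would make a misconfigured deployment fail loudly instead of shipping a broken CSP. The body of `getContentSecurityPolicy` continues outside both hunks.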
