Use form POST request when clearing session data

This builds on the work done in #588. Previously the ‘clear data’ feature used two GET requests – one to display the confirmation screen, and a second to actually clear the session data. This is not ideal because GET requests are meant to be nullipotent (to have no side effects), and links from the docs part of the kit were still pointing to the old URL, which bypassed the confirmation screen. This adds a form to the confirmation screen which POSTs to itself (/prototype-admin/clear-data), and changes the old data-clearing route to match.
alphagov · Oct 8, 2018 · ae83a74 · ae83a74
1 parent 8bf8ab2
commit ae83a74
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 52 deletions.
diff --git a/app/views/layout.html b/app/views/layout.html
@@ -52,7 +52,7 @@
             text: "GOV.UK Prototype Kit " + releaseVersion
           },
           {
-            href: "/prototype-admin/clears-data",
+            href: "/prototype-admin/clear-data",
             text: "Clear data"
           }
         ]

diff --git a/lib/prototype-admin/clear-data-success.html b/lib/prototype-admin/clear-data-success.html
@@ -0,0 +1,23 @@
+{% extends "layout.html" %}
+
+{% block pageTitle %}
+  Clear data
+{% endblock %}
+
+{% block content %}
+
+  <h1 class="govuk-heading-m">
+    Data cleared
+  </h1>
+
+  <p>
+    The session data has been cleared.
+  </p>
+
+  <p>
+    <a href="/">
+      Prototype home page
+    </a>
+  </p>
+
+{% endblock %}
diff --git a/lib/prototype-admin/clear-data.html b/lib/prototype-admin/clear-data.html
@@ -1,23 +1,36 @@
+
 {% extends "layout.html" %}
 
 {% block pageTitle %}
-  Clear data
+  Clear data? | GOV.UK Prototype Kit
 {% endblock %}
 
-{% block content %}
+{% block beforeContent %}
+  {{ govukBackLink({
+      "text": "Back",
+      "href": "javascript: window.history.go(-1)"
+    }) 
+  }}
+{% endblock %}
 
-  <h1 class="govuk-heading-m">
-    Data cleared
-  </h1>
+{% block content %}
 
-  <p>
-    The session data has been cleared.
-  </p>
+<form method="post">
+  <div class="govuk-grid-row">
+    <div class="govuk-grid-column-two-thirds">
+      <h1 class="govuk-heading-xl">
+        Clear data?
+      </h1>
+      {{ govukWarningText({
+        text: "This will clear all of the data entered in this session",
+        iconFallbackText: "Warning"
+      }) }}
 
-  <p>
-    <a href="/">
-      Prototype home page
-    </a>
-  </p>
+      {{ govukButton({
+        text: "Clear the data"
+      }) }}
+    </div>
+  </div>
+</form>
 
 {% endblock %}
diff --git a/lib/prototype-admin/clears-data.html b/lib/prototype-admin/clears-data.html
diff --git a/server.js b/server.js
@@ -227,9 +227,9 @@ if (useAutoStoreData === 'true') {
 }
 
 // Clear all data in session if you open /prototype-admin/clear-data
-app.get('/prototype-admin/clear-data', function (req, res) {
+app.post('/prototype-admin/clear-data', function (req, res) {
   req.session.data = {}
-  res.render('prototype-admin/clear-data')
+  res.render('prototype-admin/clear-data-success')
 })
 
 // Redirect root to /docs when in promo mode.