Merge pull request #670 from companieshouse/IDVA5-1780-Sole-trader-fe…

…ature-flag-fix Updating CSP to have * form action for type of business page only if verify sole trader only feature flag is true
companieshouse · Feb 24, 2025 · 29f369f · 29f369f
2 parents 7b1663a + 23d7ed1
commit 29f369f
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -15,9 +15,10 @@ import {
     CHS_URL,
     PIWIK_URL,
     PIWIK_SITE_ID,
-    CHS_MONITOR_GUI_URL
+    CHS_MONITOR_GUI_URL,
+    FEATURE_FLAG_VERIFY_SOLE_TRADER_ONLY
 } from "./utils/properties";
-import { BASE_URL, SOLE_TRADER, HEALTHCHECK, ACCESSIBILITY_STATEMENT, UPDATE_ACSP_DETAILS_BASE_URL } from "./types/pageURL";
+import { BASE_URL, SOLE_TRADER, HEALTHCHECK, ACCESSIBILITY_STATEMENT, UPDATE_ACSP_DETAILS_BASE_URL, TYPE_OF_BUSINESS } from "./types/pageURL";
 import { commonTemplateVariablesMiddleware } from "./middleware/common_variables_middleware";
 import { updateAcspAuthMiddleware } from "./middleware/update-acsp/update_acsp_authentication_middleware";
 import { updateAcspBaseAuthenticationMiddleware } from "./middleware/update-acsp/update_acsp_base_authentication_middleware";
@@ -30,6 +31,7 @@ import { csrfProtectionMiddleware } from "./middleware/csrf_protection_middlewar
 import errorHandler from "./controllers/errorController";
 import { registrationVariablesMiddleware } from "./middleware/registration_variables_middleware";
 import { updateVariablesMiddleware } from "./middleware/update-acsp/update_variables_middleware";
+import { isActiveFeature } from "./utils/feature.flag";
 
 const app = express();
 const nonce: string = uuidv4();
@@ -69,8 +71,14 @@ app.use(express.static(path.join(__dirname, "/../assets/public")));
 // Apply middleware
 app.use(cookieParser());
 app.use(nocache());
-app.use(`^(${BASE_URL})$`, helmet(prepareCSPConfigHomePage(nonce)));
-app.use(`^(?!(${BASE_URL}$))*`, helmet(prepareCSPConfig(nonce)));
+
+if (isActiveFeature(FEATURE_FLAG_VERIFY_SOLE_TRADER_ONLY)) {
+    app.use(`^(${BASE_URL}${TYPE_OF_BUSINESS}|${BASE_URL}$)$`, helmet(prepareCSPConfigHomePage(nonce)));
+    app.use(`^(?!(${BASE_URL}${TYPE_OF_BUSINESS}$|${BASE_URL}$))*`, helmet(prepareCSPConfig(nonce)));
+} else {
+    app.use(`^(${BASE_URL})$`, helmet(prepareCSPConfigHomePage(nonce)));
+    app.use(`^(?!(${BASE_URL}$))*`, helmet(prepareCSPConfig(nonce)));
+}
 app.use(`^(?!(${BASE_URL}${HEALTHCHECK}|${BASE_URL}$|${BASE_URL}${ACCESSIBILITY_STATEMENT}))*`, sessionMiddleware);
 app.use(`^(?!(${BASE_URL}${HEALTHCHECK}|${BASE_URL}$|${BASE_URL}${ACCESSIBILITY_STATEMENT}))*`, csrfProtectionMiddleware);
 app.use(`^(?!(${BASE_URL}${HEALTHCHECK}|${BASE_URL}$|${BASE_URL}${ACCESSIBILITY_STATEMENT})|(${BASE_URL}${SOLE_TRADER})|(${UPDATE_ACSP_DETAILS_BASE_URL}))*`, authenticationMiddleware);