Merge pull request #587 from companieshouse/bug/IDVA5-1710-Start-Now-…

…Button-Issue Updating form action
companieshouse · Jan 20, 2025 · 90036f9 · 90036f9
2 parents 474c3a9 + dce88af
commit 90036f9
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/middleware/content_security_policy_middleware_config.ts b/src/middleware/content_security_policy_middleware_config.ts
@@ -5,6 +5,7 @@ export const prepareCSPConfig = (nonce: string) : HelmetOptions => {
     const SELF = `'self'`;
     const NONCE = `'nonce-${nonce}'`;
     const ONE_YEAR_SECONDS = 31536000;
+    const CHS_URL_NO_PROTOCAL = removeProtocal(CHS_URL);
 
     return {
         contentSecurityPolicy: {
@@ -15,7 +16,7 @@ export const prepareCSPConfig = (nonce: string) : HelmetOptions => {
                 imgSrc: [CDN_HOST],
                 styleSrc: [NONCE, CDN_HOST],
                 connectSrc: [SELF, PIWIK_URL],
-                formAction: [SELF, PIWIK_CHS_DOMAIN, CHS_URL],
+                formAction: [SELF, PIWIK_CHS_DOMAIN, CHS_URL_NO_PROTOCAL],
                 scriptSrc: [NONCE, CDN_HOST, PIWIK_URL],
                 objectSrc: [`'none'`]
             }
@@ -29,3 +30,7 @@ export const prepareCSPConfig = (nonce: string) : HelmetOptions => {
         }
     };
 };
+
+const removeProtocal = (url: string): string => {
+    return url.replace(/https?:\/\//, "");
+};