Update reference to klick2contact.com #213

Merged
merged 3 commits into from
Oct 6, 2021

ChrisBAshton
Contributor

Smokey has started failing on `cucumber -p staging_aws features/finder_frontend.feature:90 # Scenario Outline: Check search results and analytics`

This is the error:

```
Refused to connect to 'https://hmpowebchat.klick2contact.com/v03/providers/HMPO/api/availability.php' because it violates the following Content Security Policy directive: "connect-src 'self' *.publishing.service.gov.uk *.staging.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com gov.klick2contact.com www.signin.service.gov.uk lux.speedcurve.com".
```

The content security policy originally included `gov.klick2contact.com` in 7c1670b in January 2020.
However, we started referencing `hmpowebchat.klick2contact.com` in 1a5adccfd19435c3bceaeab402224775ecbae638 in March 2020.

I'm not sure why this has only started failing today, nor whether `gov.klick2contact.com` is still in use.
My assumption is that that is a legacy thing and we should only allow connections to `hmpowebchat.klick2contact.com` from now on.
If that assumption is wrong, it will be relatively simple to add `gov.klick2contact.com` back in.
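
As an added illustration (not code from this PR or from the project), the sketch below models how a browser matches a request URL against the `connect-src` host list quoted in the error above, covering scheme and host only. The page URL `https://www.gov.uk/`, the function names, and the swap of `gov.klick2contact.com` for `hmpowebchat.klick2contact.com` as the updated policy are assumptions based on the description.

```javascript
// Added example: simplified CSP connect-src matching (scheme and host only).
// Ports, paths, scheme-sources and default-src fallback are not modelled.
const OLD_CONNECT_SRC = "connect-src 'self' *.publishing.service.gov.uk *.staging.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com gov.klick2contact.com www.signin.service.gov.uk lux.speedcurve.com";
// Assumption: the updated policy swaps the old host for the one in the error.
const NEW_CONNECT_SRC = OLD_CONNECT_SRC.replace("gov.klick2contact.com", "hmpowebchat.klick2contact.com");
const PAGE = "https://www.gov.uk/"; // constructed page URL
const CHAT = "https://hmpowebchat.klick2contact.com/v03/providers/HMPO/api/availability.php";

function hostMatches(pattern, host) {
  pattern = pattern.toLowerCase();
  host = host.toLowerCase();
  // "*.example.com" matches any subdomain but not "example.com" itself.
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  // Without a wildcard the host must match exactly: sibling subdomains differ.
  return pattern === host;
}

function sourceAllows(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin.origin;
  if (source === "*") return ["http:", "https:"].includes(url.protocol);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ":" : null;
  // A scheme-less source follows the page's scheme; https upgrades are allowed.
  const schemeOk = scheme
    ? url.protocol === scheme || (scheme === "http:" && url.protocol === "https:")
    : url.protocol === pageOrigin.protocol || url.protocol === "https:";
  return schemeOk && hostMatches(m[2], url.hostname);
}

function connectAllowed(policy, target, page) {
  const url = new URL(target);
  const pageOrigin = new URL(page);
  const directive = policy.split(";").map(d => d.trim().split(/\s+/))
    .find(tokens => tokens[0].toLowerCase() === "connect-src");
  if (!directive) return true; // simplification: no connect-src means no check here
  return directive.slice(1).some(src => sourceAllows(src, url, pageOrigin));
}

for (const [name, policy] of [["old", OLD_CONNECT_SRC], ["new", NEW_CONNECT_SRC]]) {
  console.log(name, "policy allows webchat:", connectAllowed(policy, CHAT, PAGE));
}
```

Because `gov.klick2contact.com` carries no `*.` wildcard, it only ever matched that exact host, so requests to the sibling `hmpowebchat` subdomain fall outside the old policy.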

ChrisBAshton and others added 2 commits October 6, 2021 10:37
@ChrisBAshton ChrisBAshton marked this pull request as ready for review October 6, 2021 09:40
Contributor

@bilbof bilbof left a comment

@bilbof
Contributor

bilbof commented Oct 6, 2021

Also, it looks like we discovered this problem by accident (this page happens to be the 11th result in search results for the query "passport" https://github.com/alphagov/smokey/blob/main/features/finder_frontend.feature#L90). Should we add a feature test that this page is working as expected?

@ChrisBAshton ChrisBAshton merged commit 2d6415f into main Oct 6, 2021
@ChrisBAshton ChrisBAshton deleted the fix-klick2contact branch October 6, 2021 10:39
@ChrisBAshton
Contributor Author

> Also, it looks like we discovered this problem by accident (this page happens to be the 11th result in search results for the query "passport" https://github.com/alphagov/smokey/blob/main/features/finder_frontend.feature#L90). Should we add a feature test that this page is working as expected?

Good shout, Bill. I'll raise a follow-up PR.
