Skip to content

Commit

Permalink
Merge pull request #988 from alphagov/allow-cross-origin-messages-for…
Browse files Browse the repository at this point in the history
…-cookie-banner

Hide cookie banner if cross-origin message has hideCookieBanner set to true
  • Loading branch information
alex-ju authored Jul 12, 2019
2 parents 1ae3026 + c26a778 commit 48c5bb2
Show file tree
Hide file tree
Showing 3 changed files with 60 additions and 6 deletions.
5 changes: 3 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,10 @@
useful summary for people upgrading their application, not a replication
of the commit log.

## Unreleased changes
## Unreleased

* Change paragraph to div for descriptions to support govspeak (PR #985)
* Update cookie banner component to hide if cross-origin message has `hideCookieBanner` set to `true` (PR #988)
* Change paragraph to div for descriptions to support govspeak description in checkboxes and radios (PR #985)

## 17.13.0

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,13 @@ window.GOVUK.Modules = window.GOVUK.Modules || {};
this.$module.setCookieConsent = this.setCookieConsent.bind(this)

this.$module.cookieBanner = document.querySelector('.gem-c-cookie-banner')
this.$module.cookieBannerConfirmationMessage = document.querySelector('.gem-c-cookie-banner__confirmation')
this.$module.cookieBannerConfirmationMessage = this.$module.querySelector('.gem-c-cookie-banner__confirmation')

// Temporary check while we have 2 banners co-existing.
// Once the new banner has been deployed, we will be able to remove code relating to the old banner
// Separating the code out like this does mean some repetition, but will make it easier to remove later
this.setupCookieMessage()

// Listen for cross-origin communication messages (e.g. hideCookieBanner for when previewing GOV.UK pages
// in publishing applications
this.listenForCrossOriginMessages()
}

CookieBanner.prototype.setupCookieMessage = function () {
Expand Down Expand Up @@ -84,5 +85,41 @@ window.GOVUK.Modules = window.GOVUK.Modules || {};
this.$module.cookieBannerConfirmationMessage.style.display = 'block'
}

CookieBanner.prototype.listenForCrossOriginMessages = function () {
window.addEventListener('message', this.receiveMessage.bind(this), false)
}

CookieBanner.prototype.receiveMessage = function (event) {
var trustedDomain = 'publishing.service.gov.uk'
var origin = event.origin

// Return if no origin is given or the browser doesn't support lastIndexOf
if (!origin || !origin.lastIndexOf) {
return
}

// Polyfill origin.endsWith(trustedDomain) for IE
var offset = origin.length - trustedDomain.length
var trustedOrigin = offset >= 0 && origin.lastIndexOf(trustedDomain, offset) === offset

// Return if the given origin is not trusted
if (!trustedOrigin) {
return
}

// Read JSON data from event
var dataObject = {}
try {
dataObject = JSON.parse(event.data)
} catch (err) {
// Don't throw errors as the emmited message may not be in a JSON format
} finally {
if (dataObject.hideCookieBanner === 'true') {
// Visually hide the cookie banner
this.$module.style.display = 'none'
}
}
}

Modules.CookieBanner = CookieBanner
})(window.GOVUK.Modules)
16 changes: 16 additions & 0 deletions spec/javascripts/components/cookie-banner-spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -113,4 +113,20 @@ describe('Cookie banner', function () {

expect(newCookieBanner).not.toBeVisible()
})

it('hides the cookie banner if a cross-origin messages says so', function () {
var element = document.querySelector('[data-module="cookie-banner"]')
var cookieBannerModule = new GOVUK.Modules.CookieBanner()
cookieBannerModule.start($(element))

var mockMessage = {
data: JSON.stringify({ 'hideCookieBanner': 'true' }),
origin: 'https://content-publisher.publishing.service.gov.uk'
}

cookieBannerModule.receiveMessage(mockMessage)

var newCookieBanner = document.querySelector('.gem-c-cookie-banner')
expect(newCookieBanner).not.toBeVisible()
})
})

0 comments on commit 48c5bb2

Please sign in to comment.