EYQB-532: Minor tweaks to make the user journey cookie service scoped… (

#360) * EYQB-532: Minor tweaks to make the user journey cookie service scoped to a request and blanket no-cache for response. * Fixed e2e tests
DFE-Digital · Sep 13, 2024 · b0d1ab4 · b0d1ab4
1 parent 08205ff
commit b0d1ab4
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 8 deletions.
diff --git a/src/Dfe.EarlyYearsQualification.Web/Program.cs b/src/Dfe.EarlyYearsQualification.Web/Program.cs
@@ -53,6 +53,11 @@
                                          {
                                              // Ensures that all POST actions are protected by default.
                                              options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
+                                             options.Filters.Add(new ResponseCacheAttribute
+                                                                 {
+                                                                     NoStore = true,
+                                                                     Location = ResponseCacheLocation.None
+                                                                 });
                                          });
 
 builder.Services.AddContentful(builder.Configuration);
@@ -73,7 +78,7 @@
 builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
 builder.Services.AddScoped<ICookieManager, CookieManager>();
 builder.Services.AddTransient<ICookiesPreferenceService, CookiesPreferenceService>();
-builder.Services.AddTransient<IUserJourneyCookieService, UserJourneyCookieService>();
+builder.Services.AddScoped<IUserJourneyCookieService, UserJourneyCookieService>();
 builder.Services.AddSingleton<IActionContextAccessor, ActionContextAccessor>();
 builder.Services.AddScoped(x =>
                            {

diff --git a/src/Dfe.EarlyYearsQualification.Web/Services/Cookies/CookieManager.cs b/src/Dfe.EarlyYearsQualification.Web/Services/Cookies/CookieManager.cs
@@ -10,7 +10,8 @@ public void SetOutboundCookie(string key, string value, CookieOptions options)
         {
             throw new NullReferenceException("HTTP context cannot be null");
         }
-
+
+        httpContext.Response.Cookies.Delete(key, options);
         httpContext.Response.Cookies.Append(key, value, options);
     }
 

diff --git a/tests/Dfe.EarlyYearsQualification.E2ETests/cypress/e2e/shared/security-header-spec.cy.js b/tests/Dfe.EarlyYearsQualification.E2ETests/cypress/e2e/shared/security-header-spec.cy.js
@@ -17,7 +17,7 @@ describe("A spec that checks for security headers in the response", () => {
       cy.request("GET", page).then((response) => {
         expect(response.headers).to.have.property(
           "cache-control",
-          "no-cache, no-store"
+          "no-store,no-cache"
         );
         expect(response.headers).to.have.property(
           "content-security-policy",
@@ -58,7 +58,7 @@ describe("A spec that checks for security headers in the response", () => {
       cy.request("GET", page).then((response) => {
         expect(response.headers).to.have.property(
           "cache-control",
-          "max-age=31536000, private"
+          "no-store,no-cache"
         );
         expect(response.headers).to.have.property(
           "content-security-policy",
@@ -91,8 +91,8 @@ describe("A spec that checks for security headers in the response", () => {
     it(`pages without forms that will not redirect if no date - cookie banner showing - ${page} contains the expected response headers`, () => {
       cy.request("GET", page).then((response) => {
         expect(response.headers).to.have.property(
-          "cache-control",
-          "no-cache, no-store"
+          "cache-control", 
+          "no-store,no-cache"
         );
         expect(response.headers).to.have.property(
           "content-security-policy",
@@ -135,7 +135,7 @@ describe("A spec that checks for security headers in the response", () => {
       cy.request("GET", page).then((response) => {
         expect(response.headers).to.have.property(
           "cache-control",
-          "max-age=31536000, private"
+          "no-store,no-cache"
         );
         expect(response.headers).to.have.property(
           "content-security-policy",
@@ -172,7 +172,7 @@ describe("A spec that checks for security headers in the response", () => {
       cy.request("GET", page).then((response) => {
         expect(response.headers).to.have.property(
           "cache-control",
-          "no-cache, no-store"
+          "no-store,no-cache"
         );
         expect(response.headers).to.have.property(
           "content-security-policy",
-Original file line number
+Diff line change
@@ Expand Up @@
             {
                 throw new NullReferenceException("HTTP context cannot be null");
             }
+            httpContext.Response.Cookies.Delete(key, options);
             httpContext.Response.Cookies.Append(key, value, options);
         }
@@ Expand Down @@