Merge pull request #1488 from topcoder-platform/develop

v0.20.0 - Universal Nav, new features and UI for TopGear

Author: jmgasper

config/constants/development.js

@@ -46,5 +46,8 @@ module.exports = {
   IDLE_TIMEOUT_MINUTES: 10,
   // duration to show the prompt saying user will be logged out, before actually logging out the user
   IDLE_TIMEOUT_GRACE_MINUTES: 5,
-  MULTI_ROUND_CHALLENGE_TEMPLATE_ID: 'd4201ca4-8437-4d63-9957-3f7708184b07'
+  MULTI_ROUND_CHALLENGE_TEMPLATE_ID: 'd4201ca4-8437-4d63-9957-3f7708184b07',
+  UNIVERSAL_NAV_URL: '//uni-nav.topcoder-dev.com/v1/tc-universal-nav.js',
+  HEADER_AUTH_URLS_HREF: `https://accounts-auth0.${DOMAIN}?utm_source=community-app-main`,
+  HEADER_AUTH_URLS_LOCATION: `https://accounts-auth0.${DOMAIN}?retUrl=%S&utm_source=community-app-main`
 }

config/constants/production.js

@@ -44,5 +44,8 @@ module.exports = {
   FILE_PICKER_CNAME: 'fs.topcoder.com',
   IDLE_TIMEOUT_MINUTES: 10,
   IDLE_TIMEOUT_GRACE_MINUTES: 5,
-  MULTI_ROUND_CHALLENGE_TEMPLATE_ID: 'd4201ca4-8437-4d63-9957-3f7708184b07'
+  MULTI_ROUND_CHALLENGE_TEMPLATE_ID: 'd4201ca4-8437-4d63-9957-3f7708184b07',
+  UNIVERSAL_NAV_URL: '//uni-nav.topcoder.com/v1/tc-universal-nav.js',
+  HEADER_AUTH_URLS_HREF: `https://accounts-auth0.${DOMAIN}?utm_source=community-app-main`,
+  HEADER_AUTH_URLS_LOCATION: `https://accounts-auth0.${DOMAIN}?retUrl=%S&utm_source=community-app-main`
 }

package-lock.json

@@ -175,5 +175,8 @@
   },
   "devDependencies": {
     "standard": "^12.0.1"
+  },
+  "volta": {
+    "node": "10.15.3"
   }
 }

package.json

@@ -17,17 +17,22 @@ function check () {
 }
 app.use(healthCheck.middleware([check]))
 app.use((req, res, next) => {
-  res.header('Referrer-Policy', 'strict-origin-when-cross-origin');
-  res.header('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
-  res.header('X-Content-Type-Options', 'nosniff');
-  res.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
-  res.header('Cache-control', 'public, max-age=0');
-  res.header('Pragma', 'no-cache');
-  res.setHeader('X-Frame-Options', 'DENY');
-  res.setHeader('Content-Security-Policy', "frame-ancestors 'none';");
+  res.header('Referrer-Policy', 'strict-origin-when-cross-origin')
+  res.header('Permissions-Policy', 'geolocation=(), microphone=(), camera=()')
+  res.header('X-Content-Type-Options', 'nosniff')
+  res.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload')
+  res.header('Cache-control', 'public, max-age=0')
+  res.header('Pragma', 'no-cache')
+  res.setHeader('X-Frame-Options', 'DENY')
+  res.setHeader('Content-Security-Policy',
+    "frame-ancestors 'none';" +
+      "script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'" +
+        ' https://uni-nav.topcoder-dev.com' +
+        ' https://uni-nav.topcoder.com'
+  )
 
-  next();
-});
+  next()
+})
 // app.use(requireHTTPS) // removed because app servers don't handle https
 // app.use(express.static(__dirname))
 app.use(express.static(path.join(__dirname, 'build')))