From 4e53a3ee5f94898c35cfbbb5a57a68c9b14c651a Mon Sep 17 00:00:00 2001 From: Ashesh <3626859+Ashesh3@users.noreply.github.com> Date: Thu, 25 Jan 2024 19:58:23 +0530 Subject: [PATCH] Update Content-Security-Policy script-src directive to allow 'blob' as a source (#7105) * Update Content-Security-Policy script-src directive to allow 'blob' as a source * fixed abha linking via qr --------- Co-authored-by: khavinshankar --- netlify.toml | 2 +- src/Components/ABDM/LinkABHANumberModal.tsx | 17 +++++++++++--- src/Components/ABDM/models.ts | 26 +++++++++++++++++++++ src/Redux/api.tsx | 3 ++- vite.config.ts | 2 +- 5 files changed, 44 insertions(+), 6 deletions(-) diff --git a/netlify.toml b/netlify.toml index 15e6bac08f8..59abf59caff 100644 --- a/netlify.toml +++ b/netlify.toml @@ -26,7 +26,7 @@ status = 200 X-Content-Type-Options = "nosniff" Content-Security-Policy = ''' default-src 'self'; - script-src 'self' 'nonce-f51b9742' https://plausible.10bedicu.in; + script-src 'self' blob: 'nonce-f51b9742' https://plausible.10bedicu.in; style-src 'self' 'unsafe-inline'; connect-src *; img-src 'self' blob: data: https://cdn.coronasafe.network https://egov-s3-facility-10bedicu.s3.amazonaws.com https://egov-s3-patient-data-10bedicu.s3.amazonaws.com; diff --git a/src/Components/ABDM/LinkABHANumberModal.tsx b/src/Components/ABDM/LinkABHANumberModal.tsx index 47b29b805ae..5d1f7469efc 100644 --- a/src/Components/ABDM/LinkABHANumberModal.tsx +++ b/src/Components/ABDM/LinkABHANumberModal.tsx @@ -13,7 +13,7 @@ import TextFormField from "../Form/FormFields/TextFormField"; import { classNames } from "../../Utils/utils"; import request from "../../Utils/request/request"; import routes from "../../Redux/api"; -import { ABDMError } from "./models"; +import { ABDMError, ABHAQRContent } from "./models"; export const validateRule = ( condition: boolean, 
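Review bot: Adding `blob:` to `script-src` in the `Content-Security-Policy` value lets any Blob URL be loaded as a script on every page, which looks broader than the change needs; the same edit is made in the `preview.headers` hunk of vite.config.ts. If the blob source is only needed for a Web Worker (plausible for a QR scanner, though no hunk shows the consumer), leave the directive as `script-src 'self' 'nonce-f51b9742' https://plausible.10bedicu.in;` and add `worker-src 'self' blob:;` instead, after confirming that the supported browsers honour `worker-src`. Either way, a comment above the `Content-Security-Policy` key naming the dependency that requires `blob:` would let a later reviewer remove it when that dependency goes away. The nonce on this line is a fixed string in both files, so it does not restrict inline scripts the way a per-response nonce would; that predates this commit but is worth tracking with it.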
@@ -188,9 +188,20 @@ const ScanABHAQRSection = ({ setIsLoading(true); try { - const abha = JSON.parse(value); + const abha = JSON.parse(value) as ABHAQRContent; + const { res, data } = await request(routes.abha.linkViaQR, { - body: { ...abha, patientId }, + body: { + patientId, + hidn: abha?.hidn, + phr: abha?.hid, + name: abha?.name, + gender: abha?.gender, + dob: abha?.dob.replace(/\//g, "-"), + address: abha?.address, + "dist name": abha?.district_name, + "state name": abha?.["state name"], + }, }); if (res?.status === 200 || res?.status === 202) { diff --git a/src/Components/ABDM/models.ts b/src/Components/ABDM/models.ts index b85445fa6cd..957dc9c2d17 100644 --- a/src/Components/ABDM/models.ts +++ b/src/Components/ABDM/models.ts @@ -107,3 +107,29 @@ export interface IcreateHealthFacilityTBody { export interface IpartialUpdateHealthFacilityTBody { hf_id: string; } + +export interface ILinkViaQRBody { + hidn: string; + phr: string; + name: string; + gender: "M" | "F" | "O"; + dob: string; + address?: string; + "dist name"?: string; + "state name"?: string; + patientId?: string; +} + +export interface ABHAQRContent { + address: string; + distlgd: string; + district_name: string; + dob: string; + gender: "M"; + hid: string; + hidn: string; + mobile: string; + name: string; + "state name": string; + statelgd: string; +} diff --git a/src/Redux/api.tsx b/src/Redux/api.tsx index cde22411c92..94b61fa339e 100644 --- a/src/Redux/api.tsx +++ b/src/Redux/api.tsx @@ -14,6 +14,7 @@ import { IHealthId, IinitiateAbdmAuthenticationTBody, ILinkABHANumber, + ILinkViaQRBody, IpartialUpdateHealthFacilityTBody, ISearchByHealthIdTBody, IVerifyAadhaarOtpTBody, @@ -1188,7 +1189,7 @@ const routes = { path: "/api/v1/abdm/healthid/link_via_qr/", method: "POST", TRes: Type(), - TBody: Type(), + TBody: Type(), }, linkCareContext: { diff --git a/vite.config.ts b/vite.config.ts index 4740e295bb2..1683caa7a7b 100644 --- a/vite.config.ts +++ b/vite.config.ts 
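Review bot: The QR payload is untrusted input and `JSON.parse(value) as ABHAQRContent` asserts its shape only at compile time, so `abha?.dob.replace(/\//g, "-")` throws a TypeError whenever `dob` is missing or not a string (the `?.` guards `abha`, not `dob`). A runtime check before the request, for example `if (typeof abha?.hidn !== "string" || typeof abha?.dob !== "string") throw new Error("invalid ABHA QR");`, would make the rejection explicit instead of relying on an incidental exception. ScanABHAQRSection starts and ends outside the hunk, and the `catch` for this `try` is not visible, so how the failure reaches the user cannot be confirmed from here.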
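Review bot: `ABHAQRContent.gender` is typed as the single literal `"M"`, which looks copied from one sample payload and disagrees with `ILinkViaQRBody.gender` (`"M" | "F" | "O"`), the field it is assigned to; it should read `gender: "M" | "F" | "O";`. Every field is also declared required although the object comes from a scanned QR code and the caller reads it through `abha?.`. Marking the fields that may be absent as optional, or typing the parse result as `unknown` and narrowing it, would keep the interface honest about unvalidated input.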
@@ -101,7 +101,7 @@ export default defineConfig({ preview: { headers: { "Content-Security-Policy": `default-src 'self';\ - script-src 'self' 'nonce-f51b9742' https://plausible.10bedicu.in;\ + script-src 'self' blob: 'nonce-f51b9742' https://plausible.10bedicu.in;\ style-src 'self' 'unsafe-inline';\ connect-src *;\ img-src 'self' blob: data: https://cdn.coronasafe.network ${cdnUrls};\