Merge branch 'develop' into feature-GREATUK-1191-address-pentest-2024…

…-finding-on-csp

config/settings.py

@@ -1022,7 +1022,6 @@
 CSP_OBJECT_SRC = ("'none'",)  # noqa
 CSP_SCRIPT_SRC = (
     "'self'",
-    "'unsafe-inline'",
     "'unsafe-eval'",
     'https://www.google.com',
     'https://www.gstatic.com',

config/url_redirects.py

@@ -16,6 +16,7 @@
     QuerystringRedirectView,
     TranslationRedirectView,
 )
+from international.url_redirects import international_migration_redirects
 
 build_great_international_url = partial(urljoin, '/international/')
 
@@ -890,7 +891,7 @@
     ),
     re_path(
         r'^investment-support-directory/$',
-        QuerystringRedirectView.as_view(url='/international/investment-support-directory/'),
+        PermanentQuerystringRedirectView.as_view(url='/international/investment-support-directory/'),
         name='international-investment-support-directory-home',
     ),
     re_path(
@@ -1215,4 +1216,5 @@
     + international_redirects
     + articles_redirects
     + unguided_journey_redirects
+    + international_migration_redirects
 )

core/models.py

@@ -11,6 +11,8 @@
 from django.template.loader import render_to_string
 from django.template.response import TemplateResponse
 from django.urls import reverse
+from django.views.decorators.csrf import csrf_protect
+from django.utils.decorators import method_decorator
 from django.utils.safestring import mark_safe
 from django.utils.text import slugify
 from django.utils.translation import gettext_lazy as _
@@ -1094,6 +1096,7 @@ def form_valid(self, form, request):
             return JsonResponse({'pk': hcsat.pk})
         return HttpResponseRedirect(self.get_success_url(request))
 
+    @method_decorator(csrf_protect, name='post')
     def serve(self, request, *args, **kwargs):
         self.handle_page_view(request)
 

domestic/static/javascript/hcsat-feedback-form.js

@@ -34,7 +34,7 @@ class CsatFormHandler {
                 const response = await fetch(`${url}?js_enabled=True`, {
                     method: 'POST',
                     headers: {
-                        'X-CSRFToken': formData.get('csrfmiddlewaretoken'),
+                        'X-CSRFToken': document.querySelector('[name=csrfmiddlewaretoken]').value,
                         'Accept': 'application/json',
                         'X-Requested-With': 'XMLHttpRequest',
                     },

international/context_processors.py

@@ -102,7 +102,7 @@ def international_header(request):
                     'navItemsListChildren': nav_items_list_children,
                 },
                 {
-                    'href': '/international/investment/opportunities/',
+                    'href': '/international/investment/',
                     'text': 'Investment opportunities',
                     'location': 'International header',
                     'isCurrent': '/international/investment/' in request.path,
@@ -122,7 +122,7 @@ def international_header(request):
                     'isCurrent': '/expand-your-business-in-the-uk' in request.path,
                 },
                 {
-                    'href': '/international/investment/opportunities/',
+                    'href': '/international/investment/',
                     'text': 'Investment opportunities',
                     'location': 'International header',
                     'isCurrent': '/international/investment/' in request.path,

international/templates/international/components/landing_hero.html

@@ -36,7 +36,7 @@ <h1 class="govuk-heading-l great-hero-heading">{{ heading }}</h1>
                 {% include 'components/great/card.html' with content="Get the guidance and insights to help you set up and grow your business in the UK" data_attr_title='How to expand your business' data_attr_location='International homepage' title='How to expand your business' url="/international/expand-your-business-in-the-uk/" show_title_link=True heading_class="govuk-heading-m" content_class="govuk-body" classes="great-international-card--cta" heading_level="h2" %}
             </div>
             <div class="govuk-grid-column-one-third-from-desktop govuk-!-margin-bottom-6">
-                {% include 'components/great/card.html' with content="Explore a range of foreign direct investment projects to suit your needs, by sector and location" data_attr_title='Find investment opportunities' data_attr_location='International homepage' title='Find investment opportunities' url="/international/investment/opportunities/" show_title_link=True heading_class="govuk-heading-m" content_class="govuk-body" classes="great-international-card--cta" heading_level="h2" %}
+                {% include 'components/great/card.html' with content="Explore a range of foreign direct investment projects to suit your needs, by sector and location" data_attr_title='Find investment opportunities' data_attr_location='International homepage' title='Find investment opportunities' url="/international/investment/" show_title_link=True heading_class="govuk-heading-m" content_class="govuk-body" classes="great-international-card--cta" heading_level="h2" %}
             </div>
             <div class="govuk-grid-column-one-third-from-desktop govuk-!-margin-bottom-6">
                 {% include 'components/great/card.html' with content="Find UK suppliers that can partner with your business to achieve success" data_attr_title='Buy UK products and services' data_attr_location='International homepage' title='Buy UK products and services' url="/international/buy-from-the-uk/" show_title_link=True heading_class="govuk-heading-m" content_class="govuk-body" classes="great-international-card--cta" heading_level="h2" %}