nhsuk / connecting-to-services
Find a pharmacy
Home Page: https://www.nhs.uk/service-search/find-a-pharmacy/
License: MIT License
This is specifically referring to the views used for the open only results and all results. They are largely the same but are currently duplicated
Provide more address details in the link for google maps in order to get the start and destination as accurate as possible
At the moment we just have a general catch all error page.
Should handle 404 separately.
Load a page and check the console for errors. A number of resources are not available, i.e. not found, due to the path in the .css file not having the variable that is used in the SCSS replaced.
This needs sorting so that the font files are being mapped to the correct CDN host.
At the moment there is no validation on the /results route. The input needs to be validated in the same way as /results-open
The application can be passed a context, e.g. ?context=stomach-ache, to which it responds with content specifically for that thing. This should be documented in the readme (or some other place) so that it is accessible without having to read the code.
Need to address this by having a mechanism to mock current time.
I'm guessing it's a time issue again but no time to investigate (pun intended!).
Some info about preferred style of coding e.g. readability > succinctness, etc.
The beta content site uses helmet to add protection.
We need to consider when to add this or similar.
https://travis-ci.org/nhsuk/connecting-to-services/builds/162109811
The code requires calls to 100 pharmacy overview pages and, even when mocked, this takes longer on travis than the test timeout parameter.
The tests were previously passing as only the first 10 calls were mocked. After that the code was failing silently, opening times were therefore not parsed and, as an unintended consequence, the tests ran faster. The new tests do not allow this to happen and all 100 calls are mocked resulting in slower test execution.
I'll give it some thought but any suggestions welcome.
connecting-to-services readme describes the env vars required
Include eslint
During testing I was blocked by the API - I assume for too high a request rate. Having not seen this previously, I wonder if there are more requests being submitted in this version and if so how can this be reduced to prevent the API blocking.
If nothing can be done perhaps the local data storage solution needs to be brought forward...
The error message displayed for an invalid or empty postcode is displayed after it has been shown previously and the page is navigated back to from the results page. The message should not be shown in this scenario.
Steps to reproduce:
This is happening due to the way the browser is not reloading the load and is just serving it out of cache. And the page with the error message just happens to be the last version it had in its cache. See https://webkit.org/blog/427/webkit-page-cache-i-the-basics/
In order to get rid of the message the page needs to either be forcibly reloaded or the error message removed on the client or, using https should solve the problem also (which all pages are going to be using).
This is effectively handling the scenario when there are no results for a given location. There is a difference between a valid postcode and one that isn't known. However, the current API being used doesn't differentiate this.
In simulating what would happen if postcode.io was unavailable (by disconnecting wifi) the behaviour of the post code search was not as expected.
It returns a 'Postcode Error' message ('Use a valid postcode') on the search page.
If that is agreed to be the case
/cc @neilbmclaughlin
Currently only a full postcode will be validated. Outcodes will work with the API and should be allowed to perform a search.
Ensure all traffic is redirected to https
Basically it just needs to have the existing JS used on the Beta added.
The functionality is to only show the message once every 30 days.
As part of this - make the results file route be default
The URL is hard coded in express config and in the css files.
Should be in an env var.
Search for hg2 - the second result 'Day Lewis Pharmacy' has no opening times.
As part of my investigations into the failing build yesterday I was looking at the package versioning we employ.
Looking at the meaning of ^ in package versioning, it only fixes the major version [1]. This means that, for a given package, we are exposed to bad semantic versioning on the part of a publisher or simply a bug in a later minor version. This applies to our direct dependencies and, importantly, the chain of dependencies below them. The end result could be subtle differences between our environments.
We need to consider where using shrinkwrap [2] in our deployment pipeline would help.
[1] http://stackoverflow.com/questions/22343224/difference-between-tilde-and-caret-in-package-json
[2] See npm help shrinkwrap
A Content-Security-Policy has been added. This restricts where it is acceptable to load content from. Scripts have been allowed from inline. This is not allowed by default, for the reason of being an easy way to prevent the effects of XSS. However, this exception to the rule has been added as there are a number of script blocks used for analytics mainly that include dynamic values.
In order for these blocks to be removed into external files some work is required to ensure that the files are generated as the application starts up (because they contain values set in environment variables). The files will also need their names to include hashes to avoid issues with caching. At the moment, none of the code infrastructure exists to do this.
This issue is done when the Content-Security-Policy has been altered to not allow unsafe-inline.
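One way to drop unsafe-inline while the analytics blocks stay inline, shown as an added example that is not the project's code: since the dynamic values come from environment variables fixed at startup, each block can be rendered once and allowed by its SHA-256 hash in script-src. The env var name ANALYTICS_TRACKING_ID, the snippet contents and all function names are assumptions for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical inline analytics block; ANALYTICS_TRACKING_ID is an assumed env var.
function renderAnalyticsSnippet(env) {
  const id = env.ANALYTICS_TRACKING_ID;
  // Accept only a plain token so the value cannot break out of the script block.
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(id || '')) {
    throw new Error('ANALYTICS_TRACKING_ID missing or not a plain token');
  }
  return `window.analyticsConfig={trackingId:${JSON.stringify(id)}};`;
}

// CSP hash source: base64 SHA-256 over the exact text between <script> and </script>.
function cspHash(scriptBody) {
  const digest = crypto.createHash('sha256').update(scriptBody, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Policy with no 'unsafe-inline': only same-origin files and the hashed blocks may run.
function buildCsp(inlineScripts) {
  const scriptSrc = ["'self'", ...inlineScripts.map(cspHash)];
  return ["default-src 'self'", `script-src ${scriptSrc.join(' ')}`].join('; ');
}

// Express-style middleware: snippet and header are computed once, at startup.
function cspMiddleware(env) {
  const snippet = renderAnalyticsSnippet(env);
  const header = buildCsp([snippet]);
  return (req, res, next) => {
    // The template must emit this string byte-for-byte inside the <script> tag;
    // any added whitespace or newline changes the hash and the browser blocks it.
    res.locals.analyticsSnippet = snippet;
    res.setHeader('Content-Security-Policy', header);
    next();
  };
}
```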
The address data has duplicate information e.g. HG5
This should be tackled at the source
Which banner(s) should be on which page?
Should the cookie banner be dynamic? If so, frontend or backend?
Since the environment variables have been added they need to be set up for the Azure instances:
NHSCHOICES_SYNDICATION_APIKEY
NHSCHOICES_SYNDICATION_BASEURL
Concern over the lack of security headers has been raised by others.
While I don't think we have any security vulnerabilities, since we have no exposure to XSS (nunjucks sanitises input) and do not have sensitive data or session tokens, it seems prudent to introduce these best practice measures sooner rather than later.
The application should handle the routing in the way it will be presented to users rather than relying on lots of rewriting rules.