Merge pull request #1773 from DFE-Digital/cookie-redirections

Redirect non GET referers to root_path

app/controllers/cookie_preferences_controller.rb

@@ -1,7 +1,7 @@
 class CookiePreferencesController < ApplicationController
-  REFERER_BLACKLIST = %r{/(cookie_preference|cookies_policy)}.freeze
+  REFERER_BLACKLIST = %r{/(cookie_preference)}.freeze
   skip_before_action :verify_authenticity_token, only: %i[update]
-  before_action :save_refererer
+  before_action :save_referer
 
   def show
     redirect_to edit_cookie_preference_path
@@ -42,10 +42,19 @@ def remove_rejected_cookies(preferences)
     end
   end
 
-  def save_refererer
-    if request.referer.present? && request.referer !~ REFERER_BLACKLIST
-      session[:cookie_preference_referer] = request.referer
-    end
+  def save_referer
+    session[:cookie_preference_referer] =
+      if non_get_referer?
+        root_url
+      elsif request.referer.present? && request.referer !~ REFERER_BLACKLIST
+        request.referer
+      end
+  end
+
+  def non_get_referer?
+    Rails.application.routes.recognize_path(request.referer).blank?
+  rescue ActionController::RoutingError
+    true
   end
 
   def return_url

spec/features/cookie_preferences_spec.rb

@@ -0,0 +1,28 @@
+require 'rails_helper'
+
+feature "Save the referer" do
+  scenario "a user accepts the cookies from invalid path" do
+    visit new_candidates_feedback_path
+
+    click_on "Submit feedback"
+    click_on "Accept cookies"
+
+    expect(page.current_path).to eq(root_path)
+  end
+
+  scenario "a user accepts the cookies from valid path" do
+    visit candidates_signin_path
+
+    click_on "Accept cookies"
+
+    expect(page.current_path).to eq(candidates_signin_path)
+  end
+
+  scenario "a user accepts the cookies from a blacklisted path" do
+    visit edit_cookie_preference_path
+
+    click_on "Accept cookies"
+
+    expect(page.current_path).to eq(edit_cookie_preference_path)
+  end
+end