Content Security Policy Whitelist Module for Magento 2.4.4. As described in the Official Magento Documentation.
- This project is not kept up-to-date and may contain mistakes. Treat this as a learning tool.
- This module is supported by the following Digital Startup Tutorial (Removing Content Security Policy Errors) which will shed more light on its use.
- This module will not work unless you follow the instructions below
Before you can use this module on your own Magento 2 store, you have to make changes to the following 2 files:
- Add a URL for
report_uri
if you are reporting to another solution. (You probably aren't. This is optional so you can leave it blank) - Change
report_only
from1
(report only) to0
(restrict mode). (This is optional so change when you are happy that your whitelist is working correctly.)
This is a very generic starting point. You must both Add and Remove any URLs that are applicable to your own Magento 2 store. Remember: This is a "firewall". Therefore, only creates rules for URLs that you have verified as safe. Ensure that you use a unique "id" (e.g. the URL) for each entry within its group.
- Upload via FTP to
app/code/
- Enable Module:
bin/magento module:enable DigitalStartup_Csp
- Update Magento Schema:
bin/magento setup:upgrade
- Compile if in Production:
bin/magento setup:di:compile
- Clear Cache:
bin/magento cache:clean