Magento 2 CSP Whitelist
ctidigital/magento2-csp-whitelist
Allows managing Content Security Policy (CSP) whitelists via the Magento admin panel. Enables control over allowed resources for various CSP directives.
Tested on Magento 2.4.8-p3
Recent Test History
Each release is tested against the latest Magento version at that time.
README
Loaded from GitHub
Magento 2 CSP Whitelist
A Magento 2 module created by CTI Digital to create and maintain Content Security Policies via the admin panel.
Installation
- composer require ctidigital/magento2-csp-whitelist
- php bin/magento module:enable CtiDigital_CspWhitelist
- php bin/magento setup:upgrade
Usage
- Identify the resource blocked by the Content Security Policy:
  Refused to load https://www.google-analytics.com/analytics.js because it does not appear in the script-src directive of the Content Security Policy.
- Take note of the resource: google-analytics.com or *.google-analytics.com.
- Check which policy it violates: script-src.
- Navigate to admin panel Stores->Configuration->Cti->CSP Whitelist.
- Ensure the module is enabled. Add a new row, select a resource and add the value.
- Save and flush the relevant caches.
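The first steps above (note the resource, check the policy) can be collected from the browser's standard `securitypolicyviolation` event instead of being read off the console one message at a time. The following is an added example, not code from the module or its README; `toPolicy`, `whitelistRows` and the `SAMPLE` records are hypothetical names and constructed data.

```javascript
// Added example, not part of the module: derive (policy, host) rows from CSP violations.
// Policies listed in the module's table; other directives are left for manual review.
const POLICIES = new Set(['default-src', 'base-uri', 'child-src', 'connect-src',
  'font-src', 'form-action', 'frame-ancestors', 'frame-src', 'img-src',
  'manifest-src', 'media-src', 'object-src', 'script-src', 'style-src']);

// Browsers report granular directives (script-src-elem, style-src-attr);
// map them to the parent policy that the table lists.
function toPolicy(effectiveDirective) {
  const d = String(effectiveDirective || '').replace(/-(elem|attr)$/, '');
  return POLICIES.has(d) ? d : null;
}

// Returns unique { policy, host } rows. Violations whose blockedURI is a keyword
// ("inline", "eval") or a non-network scheme are skipped: a host entry cannot fix them.
function whitelistRows(violations) {
  const seen = new Map();
  for (const v of violations) {
    const policy = toPolicy(v.effectiveDirective);
    let url;
    try { url = new URL(v.blockedURI); } catch (e) { continue; }
    if (!policy || !/^(https?|wss?):$/.test(url.protocol)) continue;
    const key = policy + ' ' + url.hostname;
    if (!seen.has(key)) seen.set(key, { policy, host: url.hostname });
  }
  return [...seen.values()];
}

// Constructed sample records, shaped like SecurityPolicyViolationEvent fields.
const SAMPLE = [
  { blockedURI: 'https://www.google-analytics.com/analytics.js', effectiveDirective: 'script-src-elem' },
  { blockedURI: 'https://www.google-analytics.com/collect', effectiveDirective: 'connect-src' },
  { blockedURI: 'https://www.google-analytics.com/analytics.js', effectiveDirective: 'script-src' },
  { blockedURI: 'inline', effectiveDirective: 'style-src-elem' },
  { blockedURI: 'eval', effectiveDirective: 'script-src' },
];

// In a browser, collect live violations while clicking through the storefront.
if (typeof document !== 'undefined') {
  const log = [];
  document.addEventListener('securitypolicyviolation', (e) => {
    log.push({ blockedURI: e.blockedURI, effectiveDirective: e.effectiveDirective });
    console.table(whitelistRows(log));
  });
} else {
  console.log(whitelistRows(SAMPLE)); // outside a browser: run on the constructed sample
}
```

The rows carry the exact hostname that was blocked; the wildcard form (`*.google-analytics.com`) admits every subdomain of that host, so enter it only when the narrower value is not enough.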
Policies
POLICY NAME DESCRIPTION
default-src The default policy.
base-uri Defines which URLs can appear in a page’s <base> element.
child-src Defines the sources for workers and embedded frame contents.
connect-src Defines the sources that can be loaded using script interfaces.
font-src Defines which sources can serve fonts.
form-action Defines valid endpoints for submission from <form> tags.
frame-ancestors Defines the sources that can embed the current page.
frame-src Defines the sources for elements such as <frame> and <iframe>.
img-src Defines the sources from which images can be loaded.
manifest-src Defines the allowable contents of web app manifests.
media-src Defines the sources from which images can be loaded.
object-src Defines the sources for the <object>, <embed>, and <applet> elements.
script-src Defines the sources for JavaScript <script> elements.
style-src Defines the sources for stylesheets.
This content is fetched directly from the module's GitHub repository. We are not the authors of this content and take no responsibility for its accuracy, completeness, or any consequences arising from its use.