Dears,
I decided to enable the Magento_Csp module today on my Magento 2.3.5-p2 web server.
And I configured my own module to add the whitelisted domains.
I noticed that the console is showing me 'Refused' messages and not 'Report-Only'.
My config.xml is configured as below:
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
    <default>
        <csp>
            <mode>
                <storefront>
                    <report_only>1</report_only>
                </storefront>
                <admin>
                    <report_only>1</report_only>
                </admin>
            </mode>
        </csp>
    </default>
</config>
However, the console is showing the below:
Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive: "frame-src 'self' geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com *.addthis.com *.pinterest.com".
I know I could add YouTube to the frame-src and it would work perfectly. However, I can't take Magento_Csp into the production environment without report-only mode for now.
Could anyone help me make the module work in report-only mode?
After checking, this was related to the Porto theme used with the Magento 2 platform.
In fact, Porto is enabling the restrictions inside the theme. For this reason, I disabled it from here:
./app/code/Smartwave/Porto/etc/config.xml
I hope this answer helps other people.
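One way to find which module's config.xml is switching CSP to enforcement, as in the Porto case above. This is an added example, not code from the thread, Magento or Porto; the module names Acme/CspWhitelist and Acme/ThemeModule and the sample files are constructed, and it assumes report_only=0 means the policy is enforced.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample: two hypothetical modules, not real Magento or Porto files.
SAMPLE = """<?xml version="1.0"?>
<config><default><csp><mode>
  <storefront><report_only>{v}</report_only></storefront>
  <admin><report_only>{v}</report_only></admin>
</mode></csp></default></config>"""


def build_sample_tree():
    """Create a temp app/code tree: one module sets 1, another sets 0."""
    root = Path(tempfile.mkdtemp())
    for module, value in (("Acme/CspWhitelist", "1"), ("Acme/ThemeModule", "0")):
        etc = root / "app" / "code" / module / "etc"
        etc.mkdir(parents=True)
        (etc / "config.xml").write_text(SAMPLE.format(v=value))
    return root


def find_csp_mode_settings(root):
    """Return sorted (path, area, report_only value) for every etc/config.xml."""
    found = []
    for cfg in Path(root).rglob("config.xml"):
        if cfg.parent.name != "etc":
            continue
        try:
            doc = ET.parse(cfg).getroot()
        except ET.ParseError:
            continue  # skip malformed files rather than abort the scan
        for csp in doc.iter("csp"):
            for area in csp.findall("mode/*"):
                node = area.find("report_only")
                if node is not None:
                    found.append((str(cfg), area.tag, (node.text or "").strip()))
    return sorted(found)


def enforcing(settings):
    """Entries that switch an area to enforcement (report_only = 0)."""
    return [s for s in settings if s[2] == "0"]


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for path, area, value in find_csp_mode_settings(root):
        print(f"{area:<10} report_only={value}  {path}")
```

Run it with the Magento root as the only argument so that both app/code and vendor are scanned; any report_only=0 entry from a module other than your own is a candidate for the override.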
Does enabling report-only mode cause any issue?