cancel
Showing results for 
Search instead for 
Did you mean: 

csp whitelist for scripts that are included global in head

csp whitelist for scripts that are included global in head

How can I add policys for scripts that have been added globaly in the header by Design > head

 

5 REPLIES 5

Re: csp whitelist for scripts that are included global in head

Hello @klartextmedia 

 

You can add a domain to the whitelist for a policy (like script-src, style-src, font-src and others) by adding a csp_whitelist.xml to your custom module's etc folder.

<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
    <policies>
        <policy id="script-src">
            <values>
                <value id="devdocs-base" type="host">https://developer.adobe.com</value>
                <value id="magento" type="host">https://magento.com</value>
            </values>
        </policy>
        <policy id="connect-src">
            <values>
                <value id="devdocs" type="host">https://developer.adobe.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

also you can refer below url:
CSP Whitelist 

 

It may help you!
Thank you

Problem solved? Click Accept as Solution!

Re: csp whitelist for scripts that are included global in head

Re: csp whitelist for scripts that are included global in head

yes, but i don't need it for a custom module, i need it for every module/theme global.


@Bhanu Periwal wrote:

Hello @klartextmedia 

 

You can add a domain to the whitelist for a policy (like script-src, style-src, font-src and others) by adding a csp_whitelist.xml to your custom module's etc folder.

<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
    <policies>
        <policy id="script-src">
            <values>
                <value id="devdocs-base" type="host">https://developer.adobe.com</value>
                <value id="magento" type="host">https://magento.com</value>
            </values>
        </policy>
        <policy id="connect-src">
            <values>
                <value id="devdocs" type="host">https://developer.adobe.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

also you can refer below url:
CSP Whitelist 

 

It may help you!
Thank you


 

Re: csp whitelist for scripts that are included global in head

Hello @klartextmedia 

 

Yes, in this case you also need to custom module and add all global urls which you want to whiitelist in csp_whitelist.xml.

 

Try this it is working at my project as well.

 

Problem solved? Click Accept as Solution!

Re: csp whitelist for scripts that are included global in head

I've been leveraging the module at Magento 2 CSP Whitelist  to whitelist third-party domains and subdomains effectively. This has also helped me resolving checkout issues on Magento 2 version 2.4.7, accommodating a variety of third-party extensions such as Klarna, Google Pay, Apple Pay, and GTM with ease.