Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

csp whitelist for scripts that are included global in head

‎08-20-2022 07:14 AM
‎08-20-2022 07:14 AM

csp whitelist for scripts that are included global in head

How can I add policys for scripts that have been added globaly in the header by Design > head

 

Labels:
0 Kudos
Reply
5 REPLIES 5
‎08-20-2022 10:19 PM
‎08-20-2022 10:19 PM

Re: csp whitelist for scripts that are included global in head

Hello @klartextmedia 

 

You can add a domain to the whitelist for a policy (like script-src, style-src, font-src and others) by adding a csp_whitelist.xml to your custom module's etc folder.

<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
    <policies>
        <policy id="script-src">
            <values>
                <value id="devdocs-base" type="host">https://developer.adobe.com</value>
                <value id="magento" type="host">https://magento.com</value>
            </values>
        </policy>
        <policy id="connect-src">
            <values>
                <value id="devdocs" type="host">https://developer.adobe.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

also you can refer below url:
CSP Whitelist 

 

It may help you!
Thank you

Problem solved? Click Accept as Solution!
0 Kudos
Reply
‎08-21-2022 12:15 AM
‎08-21-2022 12:15 AM

Re: csp whitelist for scripts that are included global in head

Buy phone Accessories

0 Kudos
Reply
‎08-21-2022 02:33 AM
‎08-21-2022 02:33 AM

Re: csp whitelist for scripts that are included global in head

yes, but i don't need it for a custom module, i need it for every module/theme global.

@Bhanu Periwal wrote:

Hello @klartextmedia 

 

You can add a domain to the whitelist for a policy (like script-src, style-src, font-src and others) by adding a csp_whitelist.xml to your custom module's etc folder.

<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
    <policies>
        <policy id="script-src">
            <values>
                <value id="devdocs-base" type="host">https://developer.adobe.com</value>
                <value id="magento" type="host">https://magento.com</value>
            </values>
        </policy>
        <policy id="connect-src">
            <values>
                <value id="devdocs" type="host">https://developer.adobe.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

also you can refer below url:
CSP Whitelist 

 

It may help you!
Thank you

 

0 Kudos
Reply
‎08-21-2022 03:11 AM
‎08-21-2022 03:11 AM

Re: csp whitelist for scripts that are included global in head

Hello @klartextmedia 

 

Yes, in this case you also need to custom module and add all global urls which you want to whiitelist in csp_whitelist.xml.

 

Try this it is working at my project as well.

 

Problem solved? Click Accept as Solution!
0 Kudos
Reply
‎05-23-2024 10:13 AM
‎05-23-2024 10:13 AM

Re: csp whitelist for scripts that are included global in head

I've been leveraging the module at Magento 2 CSP Whitelist  to whitelist third-party domains and subdomains effectively. This has also helped me resolving checkout issues on Magento 2 version 2.4.7, accommodating a variety of third-party extensions such as Klarna, Google Pay, Apple Pay, and GTM with ease.

Reply