Skip to content

Magento 2 module to collect CSP violations reports and to eliminate JS console warnings

License

Notifications You must be signed in to change notification settings

integer-net/mage2_ext_csp

 
 

Repository files navigation

mage2_ext_csp

Module to collect CSP violations reports and convert it to the CSP rules.

Attention! Starting from version 0.0.5 module's functionality is disabled by default. You need explicitly enable module in Stores / Configuration / Security / CSP / General.

Description

There are a lot of Content Security Policy (CSP) warnings in Javascript console for Magento 2.3.5+:

This module adds report-uri ...; directive to CSP header, collects reports (separately for admin & front areas) then generates new rules to eliminate CSP warnings in console. Cron tasks to analyze reports & generate rules starts hourly.

The main goal of this module is to remove CSP errors from JS console completely but you can use this module to collect reports only (just disable activation for new rules in config).

You can switch CSP from report only to strict mode (set Report Only to false in config) after all violation reports will be converted to the rules and all not-allowed content will be locked by browser.

Installation

composer.json

"require": {
    "flancer32/mage2_ext_csp": "*"
}
$ ./bin/magento deploy:mode:set developer
$ composer require flancer32/mage2_ext_csp
$ ./bin/magento setup:upgrade
$ ./bin/magento deploy:mode:set production
$ ./bin/magento cache:clean

Docs

About

Magento 2 module to collect CSP violations reports and to eliminate JS console warnings

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • PHP 99.7%
  • HTML 0.3%