brocode/module-scoped-csp

CSP extension module to provided store scopes for CSP settings in Magento 2

Maintainers

Details

github.com/brosenberger/module-scoped-csp

Source

Issues

Fund package maintenance!
By Me A Coffee

Installs: 101

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 1

Open Issues: 0

Type:magento2-module

1.0.0 2024-12-26 21:49 UTC

Requires (Dev)

MIT 4984ae2f0b7f84e94707f6fc74ed778f2323e9a9

  • Benjamin Rosenberger <bensch.rosenberger.woop@gmail.com>

magentocomposer-installer

This package is auto-updated.

Last update: 2025-03-26 22:20:33 UTC

README

This module provides an additional configuration possibility for CSP whitelists with scope definition (website, store or storeview).

"Buy Me A Coffee"

Installation

composer require brocode/module-scoped-csp
bin/magento setup:upgrade

The module should be enabled by default and does not need separate enabling.

Configuration

Add a scoped_csp_whitelist.xml into your etc-folder containing all needed policies.

Sample scoped_csp_whitelist.xml:

<?xml version="1.0" encoding="UTF-8"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:BroCode_ScopedCsp:etc/scoped_csp_whitelist.xsd">
        <policies>
            <policy id="img-src">
                <values>
                    <value id="data-brocode" scopeType="website" scopeCode="base" type="host">https://brocode.at</value>
                    <value id="data-other-brocode" scopeType="website" scopeCode="otherbase" type="host">https://other.brocode.at</value>
                </values>
            </policy>
        </policies>
</csp_whitelist>

If no scope type is given, the policy is applied to all scopes (so basically the same behavior as the default csp_whitelist.xml).

If a scope type other then default is given, a scope code must be set as well.

TODOs

  • use XSD schema extension instead of XSD copy and extend of original csp_whitelist.xsd