hk2 / csp
HK2 CSP Whitelisting for Magento version 2.3.5 or above includes major URLs such as Cloudflare, Google Analytics, Google Fonts, Fontawesome, AddThis, Googleapis, Facebook Graph, Pinterest, Vimeo, Twitter, TrustPilot, NitroPack/NitroCDN, jsdelivr.net, Tailwind CSS CDN, and ContentSquare. One can disa
Installs: 356
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type: magento2-module
Requires
- php: ^7.3.0|^7.4.0|^8.0|^8.1.0|^8.2.0
- magento/framework: >=100.0.0
README
HK2 CSP Whitelisting for Magento version 2.3.5 or above includes major URLs such as Cloudflare, Google Analytics, Google Fonts, Fontawesome, AddThis, Googleapis, Facebook Graph, Pinterest, Vimeo, Twitter, TrustPilot, NitroPack/NitroCDN, jsdelivr.net, Tailwind CSS CDN, and ContentSquare
One can disable Magento 2 CSP. However, disabling it exposes the Magento store to more attacks. Content Security Policies (CSP) are a powerful tool to mitigate Cross-Site Scripting (XSS) and related attacks.
Please note: this module whitelists CSP sources on the Magento store frontend.
Account & Pricing
This is an open-source module that is free to use. There is no charge or fee for using it.
Features
- Fully customizable to your store's needs. See the How to Configure section for more details.
- Simple, Open Source & Free
- CSP is not disabled; instead, specific listed URLs are whitelisted, keeping your Magento store safe.
Some of the whitelisted URLs
- Addthis (moatads is a part of Addthis)
- Cloudflare
- Facebook Graph
- Fontawesome
- Google Analytics, Google Fonts, Gstatic, Google Tag Manager & Googleapis
- TrustPilot
- Vimeo
- ContentSquare
- Nitropack/NitroCDN
- Tailwind
- jsdelivr.net
Supported Version
- Magento v2.3.5, 2.4.x
How to install
Method 1: Install ready-to-paste package
Download the zip package and unzip it in app/code folder.
Enable Extension
php bin/magento module:enable HK2_Csp
php bin/magento setup:upgrade
php bin/magento cache:flush
Disable Extension
php bin/magento module:disable HK2_Csp
php bin/magento setup:upgrade
php bin/magento cache:flush
Method 2: Install via composer (Recommended)
Run the following command in Magento 2 root folder
composer require hk2/csp
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy
How to Configure?
You can add a domain to the whitelist for a policy (such as script-src, style-src, font-src and others) by updating csp_whitelist.xml, located at /app/code/HK2/Csp/etc/csp_whitelist.xml. Please only create rules for URLs that you have verified as safe for your Magento store. Ensure that you use a unique "id" (e.g. the URL) for each entry within its group. The screenshot below describes each policy name and its description.
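An added example, not part of the module's README or code: a Python check of a csp_whitelist.xml for the two things the paragraph above asks for, unique ids within each policy group and narrow, verified sources. The embedded XML is a constructed sample in Magento's csp_whitelist.xml layout; the `audit` function, the `TOO_BROAD` set and the example hosts are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in Magento's csp_whitelist.xml layout (not the module's shipped file).
SAMPLE = """<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
  <policies>
    <policy id="script-src">
      <values>
        <value id="cdn-jsdelivr" type="host">cdn.jsdelivr.net</value>
        <value id="cdn-jsdelivr" type="host">*.jsdelivr.net</value>
        <value id="anything" type="host">*</value>
      </values>
    </policy>
    <policy id="font-src">
      <values>
        <value id="cdn-jsdelivr" type="host">cdn.jsdelivr.net</value>
        <value id="plain-http" type="host">http://fonts.example.test</value>
      </values>
    </policy>
  </policies>
</csp_whitelist>"""

# Host sources that match far more than one verified origin (illustrative list).
TOO_BROAD = {"*", "http:", "https:", "data:", "*.com", "*.net"}

def audit(xml_text):
    """Return sorted (policy, value id, problem) tuples for a whitelist file."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        name = policy.get("id")
        values = policy.findall("./values/value")
        # Ids must be unique per policy group; reuse across groups is allowed.
        counts = Counter(v.get("id") for v in values)
        findings += [(name, vid, "duplicate id in group")
                     for vid, n in counts.items() if n > 1]
        for v in values:
            if v.get("type") != "host":
                continue  # hash entries are not host sources
            src = (v.text or "").strip().lower()
            if src in TOO_BROAD:
                findings.append((name, v.get("id"), "overly broad source"))
            elif src.startswith("http://"):
                findings.append((name, v.get("id"), "cleartext http source"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

To check a real file, pass its contents to `audit`, for example the text read from app/code/HK2/Csp/etc/csp_whitelist.xml.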
Maintenance mode
You may want to enable the maintenance mode when installing or updating the module, especially when working on a production website. To do so, run the two commands below before and after running the other setup commands:
Enable Maintenance Mode
php bin/magento maintenance:enable
Disable Maintenance Mode
php bin/magento maintenance:disable
Privacy
This extension does not read, change, store, or transmit any of your personal data (e.g., logins, passwords, messages, contacts) from any of the sites or your computer in absolutely any form.
Support
For support, bug reports or change requests, mail me at support@hashtagkitto.co.in
Bug Report
Please open an issue on GitHub.
When filing a bug remember that the better written the bug is, the more likely it is to be fixed.
You can also reach us at support@hashtagkitto.co.in
Contribution Guidelines
Contributions are welcome! If you'd like to contribute to this project:
- Fork the repository.
- Create a new branch (git checkout -b feature/your-feature-name).
- Make your changes and commit them (git commit -am 'Add new feature').
- Push to the branch (git push origin feature/your-feature-name).
- Open a pull request.
Please note: I may be slow to respond due to limited free time. I apologize for the inconvenience and I appreciate your patience.
Consent
By using any Product/Module/Application from Basant Mandal A.K.A (HK2 - Hash Tag Kitto), you hereby consent to our disclaimer and agree to its terms.
Disclaimer
Basant Mandal (HK2 - Hash Tag Kitto) does not make any warranties about the completeness, reliability and accuracy of this image or its related products. Any action you take upon the information you find here is strictly at your own risk.
Basant Mandal (HK2 - Hash Tag Kitto) will not be liable for any losses and/or damages in connection with the use of our website.
Like my work? Help Us
Please rate my project or give some stars at https://github.com/basantmandal/HK2-CSP_Whitelisting-Magento-Module. You can also contribute to make my Open Source Contribution more frequent and help others - https://www.buymeacoffee.com/basantmandal or https://www.basantmandal.in/buymecoffee
Feedback
If you have any feedback, please reach out to us at support@hashtagkitto.co.in
Links:
Feel free to reach me through the below handles if you'd like to contact me.