orba/module-csp

This package is abandoned and no longer maintained. The author suggests using the lingaro/module-csp package instead.

Orba CSP module

Type: magento2-module

0.1.0 2020-05-25 09:16 UTC

This package is auto-updated.

Last update: 2023-06-07 10:59:23 UTC


README

This module extends Magento_Csp in the following ways:

  • allows saving CSP violation reports to a log file
  • adds missing CSP rules

It improves the Magento CSP framework without impairing security.

Because the module logs CSP violation reports itself, you don't need an external service for reporting.

CSP Violation Reports

If the configuration option Security > Orba CSP > General Configuration > Use built-in reporting is enabled and no report-uri is specified in csp_whitelist.xml, CSP violation reports are sent to the /csp/report/ endpoint and saved in var/log/csp.log.

Note: this feature works only if you do not specify a different report-uri in csp_whitelist.xml; otherwise it is ignored.

The log file can be downloaded using a link in Stores > Configuration > Security > Orba CSP > General Configuration.
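
To triage what accumulates in var/log/csp.log, the following added example (not part of the module or its README) tallies violations per directive and blocked origin. It assumes each log line carries the browser's standard csp-report JSON body after some prefix; the page does not document the actual line layout, and the sample lines and function names are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines. The "[timestamp] channel.LEVEL: {json}" prefix is an
# assumed layout, not taken from the module; only the JSON body matters here.
SAMPLE_LOG = """\
[2020-05-25 09:16:00] main.INFO: {"csp-report": {"document-uri": "https://shop.example/checkout/", "violated-directive": "script-src", "blocked-uri": "https://cdn.unknown.example/x.js"}}
[2020-05-25 09:16:05] main.INFO: {"csp-report": {"document-uri": "https://shop.example/", "effective-directive": "font-src", "violated-directive": "font-src", "blocked-uri": "https://fonts.gstatic.com/s/a.woff2"}}
[2020-05-25 09:17:10] main.INFO: {"csp-report": {"document-uri": "https://shop.example/checkout/", "violated-directive": "script-src 'self'", "blocked-uri": "https://cdn.unknown.example/y.js"}}
[2020-05-25 09:18:00] main.INFO: {"csp-report": {"document-uri": "https://shop.example/cart", "violated-directive": "script-src", "blocked-uri": "inline"}}
[2020-05-25 09:19:00] main.INFO: truncated {"csp-report": {"docum
"""

def parse_report(line):
    """Return the csp-report dict found in a log line, or None."""
    try:
        body, _ = json.JSONDecoder().raw_decode(line[line.index("{"):])
    except ValueError:  # no "{" on the line, or JSON that does not parse
        return None
    report = body.get("csp-report")
    return report if isinstance(report, dict) else None

def blocked_source(blocked_uri):
    """Reduce a blocked-uri to scheme://host, keeping keywords like 'inline'."""
    parts = urlsplit(blocked_uri)
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return blocked_uri or "(empty)"

def summarize(log_text):
    """Count violations per (directive, blocked source); count skipped lines."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        report = parse_report(line)
        if report is None:
            skipped += 1
            continue
        directive = report.get("effective-directive") or report.get("violated-directive", "")
        tokens = directive.split()  # older reports include the source list
        key = (tokens[0] if tokens else "(unknown)", blocked_source(report.get("blocked-uri", "")))
        counts[key] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_LOG)
    for (directive, source), n in counts.most_common():
        print(f"{n:4d}  {directive:12s} {source}")
    print(f"skipped {skipped} unparsable line(s)")
```

Origins that recur under one directive on legitimate pages are candidates for csp_whitelist.xml; unexpected script origins deserve investigation before any whitelisting.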

Additional CSP rules

The module whitelists additional resources such as fonts.googleapis.com and www.google.com/recaptcha/.

Installation

composer require orba/module-csp
bin/magento module:enable Orba_Csp
bin/magento setup:upgrade

Configuration

Security > Orba CSP > General Configuration > Use built-in reporting - if enabled and no report-uri is specified in csp_whitelist.xml, CSP violation reports are sent to the /csp/report/ endpoint and saved in a log file.