This Magento 2 CSP whitelisting module streamlines the creation and management of Content Security Policy (CSP) whitelists. By simplifying the process directly within the Magento 2 admin panel, it eliminates the need for complex code modifications. This user-friendly extension is particularly valuable for Magento 2.4.7 stores with stricter CSP enforcement, allowing for easy whitelist management without compromising security.
Free Support up to 60 days
Free Upgrades up to 1 year
Fully open source
Compatible with Magento 2 community and enterprise 2.3.3 - 2.4.x including cloud edition
Content Security Policy (CSP) is a powerful security measure that restricts the resources a web page can load. By implementing a well-defined CSP, you significantly reduce the attack surface of your Magento store, making it more resistant to malicious scripts, injections, and other web-based threats.
This extension grants you complete control over your CSP configuration. The user-friendly interface allows you to effortlessly enable or disable the extension and configure individual CSP directives.
Running a Magento 2 store is like running a high-end boutique. You want to showcase your products in the best light, attract the right customers, and ensure everything is secure. But unlike a brick-and-mortar store, online threats can lurk in the shadows of your code. That's where Magento 2 Content Security Policy (CSP) comes in – your virtual security guard, keeping the bad guys out and the good guys flowing through.
Imagine CSP as a bouncer with a VIP list. It checks every script, style, and font trying to enter your website against a pre-approved list. Only those on the list (think trusted vendors and your own custom code) get access. This significantly reduces the risk of malicious code injection, a tactic hackers use to steal data or take control of your site.
Here's the catch: overly strict CSP rules can be like an overzealous bouncer, turning away legitimate customers (read: essential functionalities). You might find your fancy product sliders malfunctioning or social media buttons disappearing. This can lead to frustrated shoppers and lost sales – not exactly the outcome you're looking for.
So, how do you strike the balance between security and functionality? Enter the user-friendly Magento 2 CSP whitelisting module. It acts like velvet ropes at your virtual door. You can easily create and manage whitelists for trusted URLs and domains directly from your Magento 2 admin panel. No more wrestling with complex code!
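To make the whitelist idea concrete, this added example (not part of the extension or of the original page) takes a policy plus violation reports in the JSON format browsers send to a report-uri endpoint and lists the directive and origin each blocked resource would need. The policy, the reports, the shop origin and all function names are constructed for illustration, and source matching is simplified to scheme and host.

```javascript
// Added example, not the module's code. Policy and reports below are constructed.
const FALLBACK = { 'script-src-elem': ['script-src'], 'style-src-elem': ['style-src'],
  'frame-src': ['child-src'], 'worker-src': ['child-src', 'script-src'] };

// "name src src; name src" -> Map(directive -> sources); the first duplicate wins.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

// Simplified match on scheme and host only; ports and paths are ignored.
function sourceMatches(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes
  if (source.endsWith(':')) return url.protocol === source; // scheme source such as data:
  const [, scheme, host] = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source) || [];
  if (!host || (scheme && url.protocol !== `${scheme}:`)) return false;
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return host === '*' || url.hostname === host;
}

// Returns sorted "directive origin" entries for reports the policy does not already allow.
function suggestEntries(header, reports, selfOrigin) {
  const policy = parsePolicy(header);
  const entries = new Set();
  for (const { 'csp-report': r } of reports) {
    const effective = r['effective-directive'] || r['violated-directive'].split(' ')[0];
    let url;
    try { url = new URL(r['blocked-uri']); } catch { continue; } // "inline", "eval"
    // Walk the fallback chain; every fetch directive ends at default-src.
    const chain = [effective, ...(FALLBACK[effective] || []), 'default-src'];
    const sources = policy.get(chain.find((d) => policy.has(d))) || [];
    if (sources.some((s) => sourceMatches(s, url, selfOrigin))) continue; // stale report
    entries.add(`${effective.replace(/-(elem|attr)$/, '')} ${url.origin}`);
  }
  return [...entries].sort();
}

const POLICY = "default-src 'self'; script-src 'self'; font-src 'self' https://fonts.gstatic.com";
const report = (d, uri) => ({ 'csp-report': { 'effective-directive': d, 'blocked-uri': uri } });
const REPORTS = [
  report('script-src-elem', 'https://cdn.widgets.example/slider.js'),
  report('script-src-elem', 'inline'),
  report('font-src', 'https://fonts.gstatic.com/s/demo.woff2'),
  report('img-src', 'https://images.example.com/banner.png'),
];
console.log(suggestEntries(POLICY, REPORTS, 'https://shop.example'));
```

Review each suggested origin before whitelisting it: a report only shows that a resource was blocked, not that the resource is one the store should trust.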
Here we explain each of the CSP directives in detail so that you can better identify the errors in your browser console and make the appropriate entries in the module to fix them. Here's a breakdown of common CSP directives and their explanations:
default-src
  Example: default-src 'self'
script-src
  Example: script-src 'self' https://apis.google.com
style-src
  Example: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com
img-src
  Example: img-src 'self' https://images.example.com
connect-src
  Example: connect-src 'self' https://api.example.com
font-src
  Example: font-src 'self' https://fonts.gstatic.com
object-src (<object>, <embed>, and <applet> tags)
  Example: object-src 'none'
media-src
  Example: media-src 'self' https://media.example.com
frame-src (<frame> and <iframe>)
  Example: frame-src 'self' https://trustedpartner.com
child-src
  Example: child-src 'self' https://example.com
worker-src
  Example: worker-src 'self'
form-action
  Example: form-action 'self' https://forms.example.com
frame-ancestors (<frame>, <iframe>, <object>, <embed>, or <applet>)
  Example: frame-ancestors 'self' https://trustedpartner.com
base-uri (<base> element)
  Example: base-uri 'self'
report-uri
  Example: report-uri https://report.example.com/csp-violations
report-to (Reporting-Endpoints defined in the Report-To header for CSP violations)
  Example: report-to csp-endpoint
The main highlights of the module are:
We offer 60 days of free support and 12 months of free upgrades for any standard Magento site when you buy this extension. You can also get our installation service for a small fee. If you want more benefits, you can purchase our package with 12 months of free premium support and free lifetime upgrades. Please contact us if you need any assistance or customization for this extension. We will reply to you within 48 hours. We may also offer you a special deal or a free solution if we like your idea.
https://www.scommerce-mage.com/magento-extension-installation-service.html
Once you have received the latest version of our extension, we highly recommend deleting all of the extension's files and folders from your website before uploading the latest version, because we might have removed existing files, and keeping them could cause problems on your website.