brocode / module-scoped-csp
CSP extension module to provided store scopes for CSP settings in Magento 2
Fund package maintenance!
By Me A Coffee
Installs: 375
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 1
Open Issues: 0
Type:magento2-module
pkg:composer/brocode/module-scoped-csp
Requires (Dev)
- composer/composer: *@dev
README
This module provides an additional configuration possibility for CSP whitelists with scope definition (website, store or storeview).
Installation
composer require brocode/module-scoped-csp
bin/magento setup:upgrade
The module should be enabled by default and does not need separate enabling.
Configuration
Add a scoped_csp_whitelist.xml
into your etc-folder containing all needed policies.
Sample scoped_csp_whitelist.xml
:
<?xml version="1.0" encoding="UTF-8"?> <csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:BroCode_ScopedCsp:etc/scoped_csp_whitelist.xsd"> <policies> <policy id="img-src"> <values> <value id="data-brocode" scopeType="website" scopeCode="base" type="host">https://brocode.at</value> <value id="data-other-brocode" scopeType="website" scopeCode="otherbase" type="host">https://other.brocode.at</value> </values> </policy> </policies> </csp_whitelist>
If no scope type is given, the policy is applied to all scopes (so basically the same behavior as the default csp_whitelist.xml).
If a scope type other then default
is given, a scope code must be set as well.
TODOs
- use XSD schema extension instead of XSD copy and extend of original csp_whitelist.xsd