hryvinskyi/magento2-csp

N/A

Maintainers

Details

github.com/hryvinskyi/magento2-csp

Source

Issues

Installs: 35

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 1

Forks: 0

Open Issues: 0

Type:magento2-module

1.0.7 2025-03-28 14:52 UTC

Requires

  • php: >=8.1 <8.5
  • ext-simplexml: *
  • magento/framework: *
  • magento/module-csp: *

MIT 1502215710e7704e94666481351e790c3db0f594

  • Volodymyr Hryvinskyi <volodymyr.woop@hryvinskyi.com>

This package is auto-updated.

Last update: 2025-03-28 14:52:53 UTC

README

Overview

The Hryvinskyi_Csp module is a Magento 2 extension that provides additional Content Security Policy (CSP) configurations. This module allows administrators to manage CSP whitelists from the Magento admin panel

Features

  1. CSP Whitelist Management: Administrators can manage CSP whitelists directly from the Magento admin panel.
  2. Store-Specific Configuration: Module provides store view specific CSP configuration.
  3. Violation Reports: The module collects and displays CSP violation reports, helping administrators identify and address security issues.
  4. One-Click Conversion: Possibility to convert violation reports to whitelist rule with one click.
  5. Automatic URL Collection: Automatically collects and adds all storefront URLs to the CSP whitelist.
  6. Flexible Configuration: The module provides various configuration options to enable or disable specific CSP features.
  7. Admin Panel Integration: The module integrates with the Magento admin panel, providing a user-friendly interface for managing CSP settings.
  8. Import/Export: Support for importing and exporting whitelist rules.

Requirements

  • Magento 2.4.4 or higher
  • PHP 8.1 or higher

Installation

Composer (recommended)

composer require hryvinskyi/magento2-csp
bin/magento module:enable Hryvinskyi_Csp
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento setup:static-content:deploy

Manual Installation

  1. Download the module and upload it to app/code/Hryvinskyi/Csp
  2. Enable the module and update the database:
bin/magento module:enable Hryvinskyi_Csp
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento setup:static-content:deploy

Usage

Admin Panel Navigation

The module adds a new menu item in the admin panel:

  1. Content Security Policy: Main menu item providing access to CSP features
  • Whitelist: Manage CSP whitelist rules
  • Violation Report: View and manage CSP violation reports
  • Configuration: Configure CSP settings

Managing Whitelist Rules

  1. Navigate to System > Content Security Policy > Whitelist
  2. Click Add to create a whitelist entry manually
  3. Fill in required fields:
    • Identifier: Unique name for the rule
    • Policy: CSP directive (e.g., script-src, style-src)
    • Value Type: Type of value (URL, Domain, etc.)
    • Value: The actual value to whitelist
    • Store Views: Select applicable store views
    • Status: Enable or disable the rule

Configuration

Navigate to System > Content Security Policy > Configuration or Stores > Configuration > Security > Content Security Policy to access module settings.

Support

If you encounter any issues or have questions, please contact the author or open an issue on GitHub.

License

This module is licensed under the MIT License - see the LICENSE file for details.

Author

Volodymyr Hryvinskyi
Email: volodymyr@hryvinskyi.com
GitHub: https://github.com/hryvinskyi