CSP
Content Security Policy (CSP) in Magento — implementation, troubleshooting compatibility issues, and securing storefronts against XSS attacks.
-
https://github.com/hyva-themes/magento2-default-theme-csp
No introduction need, but the Hyvä Theme is now open source.
61523 Nov 2025
-
https://github.com/DeployEcommerce/magento2-csp-writer
This library is a simple CSP writer for Magento 2. It can be used to write a csp_whitelist.xml file given a structured array.
1107 Apr 2025
-
https://github.com/henriquekieckbusch/henriquekieckbusch-module-autocsp
This Magento 2 module automates the management of CSP whitelists and can dynamically capture CSP violations, add them to a database, and manage inline script CSP via nonce.
83604 Mar 2025
-
https://youtu.be/dqtyItHmPqg?si=lCHZhCuWTf3SCHtl&t=51
Last week, Yireo organized a webinar about CSP & Magento with Ruud van Zuidam and Vinai Kopp. This link holds the recording.
02 Sep 2024
-
https://github.com/basecom/magento2-csp-split-header
Magento 2 module that solves the problem of oversized CSP headers by splitting them into multiple headers. It extends Magento's CSP Simple Policy Renderer to replace the existing CSP headers, ensuring they remain valid and reducing the likelihood of exceeding the web server's maximum header size.
45202 Sep 2024
-
https://www.yireo.com/blog/2024-08-16-magento-csp-webinar
CSP is a hot topic in the Magento community right now. On August 30th, Yireo organizes a webinar about this subject. Knowing Yireo, this will be good.
-
https://www.yireo.com/blog/2024-08-02-magento-and-hyva-checkout-and-csp
For some time now, Magento has been shipping with a CSP module, in general for security reasons but more specifically for PCI compliance. Magento 2.4.7-p1 changed the game and Hyvä is as-of-yet not compatible with these new changes. But there are solutions.
02 Aug 2024
-
https://www.linkedin.com/pulse/automatically-create-magentos-cspwhitelistxml-file-kieckbusch-stlqc/
I made this script to help you create Magento's "csp_whitelist.xml" easily.
11 Jul 2024
