Csp
A robust Content Security Policy (CSP) protects Magento storefronts from XSS and other injection attacks while keeping third-party integrations functional. Learn report-only rollouts, source whitelisting, and sustainable maintenance.
Need help implementing or tuning CSP in Magento? Control Alt Delete can assist: https://www.controlaltdelete.dev
-
https://github.com/DeployEcommerce/magento2-csp-writer
This library is a simple CSP writer for Magento 2. It can be used to write a csp_whitelist.xml file given a structured array.
1107 Apr 2025
-
https://github.com/henriquekieckbusch/henriquekieckbusch-module-autocsp
This Magento 2 module automates the management of CSP whitelists and can dynamically capture CSP violations, add them to a database, and manage inline script CSP via nonce.
83604 Mar 2025
-
https://youtu.be/dqtyItHmPqg?si=lCHZhCuWTf3SCHtl&t=51
Last week, Yireo organized a webinar about CSP & Magento with Ruud van Zuidam and Vinai Kopp. This link holds the recording.
02 Sep 2024
-
https://github.com/basecom/magento2-csp-split-header
Magento 2 module that solves the problem of oversized CSP headers by splitting them into multiple headers. It extends Magento's CSP Simple Policy Renderer to replace the existing CSP headers, ensuring they remain valid and reducing the likelihood of exceeding the web server's maximum header size.
45102 Sep 2024
-
https://www.yireo.com/blog/2024-08-16-magento-csp-webinar
CSP is a hot topic in the Magento community right now. On August 30th, Yireo organizes a webinar about this subject. Knowing Yireo, this will be good.
-
https://www.yireo.com/blog/2024-08-02-magento-and-hyva-checkout-and-csp
For some time now, Magento has been shipping with a CSP module, in general for security reasons but more specifically for PCI compliance. Magento 2.4.7-p1 changed the game and Hyvä is as-of-yet not compatible with these new changes. But there are solutions.
02 Aug 2024
-
https://www.linkedin.com/pulse/automatically-create-magentos-cspwhitelistxml-file-kieckbusch-stlqc/
I made this script to help you create Magento's "csp_whitelist.xml" easily.
11 Jul 2024
