Search
My Cart

baldwin / magento2-module-csp-shim

baldwin/magento2-module-csp-shim

Magento 2 module which replaces the default Magento CSP module and effectively disables its functionality

  • Pieter Hoste
magento2-module Compatibility: 2.4.7 Code Quality: Fail Tests: N/A Security: Pass MIT

CSP shim module for Magento 2

Purpose

This module exists for people who don't want to deal with the CSP (Content-Security-Policy) module which ships with Magento.

Up until Magento 2.4.7, it was simple, you could just remove the module via composer's replace syntax.
But in Magento 2.4.7, this module is more tightly integrated with certain modules (like the AdminAnalytics, Checkout and Paypal modules), which - when you try to remove the CSP module using composer's replace syntax - would cause bin/magento setup:di:compile to fail.

This module provides a solution for this case, by pretending to be the Magento CSP module for certain classes that some other modules require. The classes introduced by this module use the Magento namespace because there doesn't seem to be another way of doing this but the classes are actually empty and only contain empty functions just so nothing crashes when other modules call them.

This module comes bundled with the composer replace line to remove the Magento CSP module, so you don't need to do this yourself anymore.

Update 12 June 2024: Magento devs decided to backport the CSP changes to the following Magento security releases, so we now also support these versions in the shim:

  • 2.4.4-p9
  • 2.4.5-p8
  • 2.4.6-p6

Alternatives

This module might not be the best solution out there (3rd party modules might try to use classes which we don't provide in this module), so here are some alterntives we can also recommend that don't remove the CSP module but disable its output. Pick whatever one you like best:

Watch out

  • Do not install this module when you care about PCI DSS compliance!
  • The module is currently declared compatible with specific versions of Magento only, it's hard to predict what will happen in the future, so we'll try to open up compatibility with more future Magento versions when they get released.

Compatibility

  • This module should work with Magento 2.4.4-p9, 2.4.5-p8, 2.4.6-p6, 2.4.7 and 2.4.7-p1
  • The module should be compatible with PHP 7.4, 8.1, 8.2 and 8.3

Installation

You can use composer to install this module:

composer require baldwin/magento2-module-csp-shim

After which you can then activate it in Magento using:

bin/magento setup:upgrade

No changelog yet

The vendor hasn't published a changelog. Tagged releases appear in the Versions tab.

Versions
Version Stability QA Status Compatibility Released
1.0.12 stable Fail Magento 2.4.7 Details 2026-05-12 07:19:25
1.0.11 stable Not tested Not yet tested Details 2026-03-10 09:29:59
1.0.10 stable Not tested Not yet tested Details 2025-10-14 09:47:16
1.0.9 stable Not tested Not yet tested Details 2025-08-13 11:10:55
1.0.8 stable Not tested Not yet tested Details 2025-08-13 05:23:07
1.0.7 stable Not tested Not yet tested Details 2025-06-10 10:18:01
1.0.6 stable Not tested Not yet tested Details 2025-04-08 10:43:14
1.0.5 stable Not tested Not yet tested Details 2025-02-11 12:51:25
1.0.4 stable Not tested Not yet tested Details 2024-10-08 13:40:07
1.0.3 stable Not tested Not yet tested Details 2024-06-20 16:07:11
1.0.2 stable Not tested Not yet tested Details 2024-06-12 15:08:07
1.0.1 stable Not tested Not yet tested Details 2024-06-12 12:34:56
1.0.0 stable Not tested Not yet tested Details 2024-05-23 14:19:48

Requires 2

Package Constraint
php ~7.4.0 || ~8.1.0 || ~8.2.0 || ~8.3.0
magento/framework 103.0.4-p9 || 103.0.4-p11 || 103.0.4-p12 || 103.0.4-p13 || 103.0.4-p14 || 103.0.4-p15 || 103.0.5-p8 || 103.0.5-p10 || 103.0.5-p11 || 103.0.5-p12 || 103.0.5-p13 || 103.0.5-p14 || 103.0.6-p6 || 103.0.6-p8 || 103.0.6-p9 || 103.0.6-p10 || 103.0.6-p11 || 103.0.6-p12 || 103.0.6-p13 || 103.0.6-p14 || 103.0.6-p15 || 103.0.7 || 103.0.7-p1 || 103.0.7-p3 || 103.0.7-p4 || 103.0.7-p5 || 103.0.7-p6 || 103.0.7-p7 || 103.0.7-p8 || 103.0.7-p9 || 103.0.7-p10

Requires-dev 2

Package Constraint
bamarni/composer-bin-plugin ^1.8
ergebnis/composer-normalize ^2.42

Replaces 1

Package Constraint
magento/module-csp 100.4.3-p9 || 100.4.3-p13 || 100.4.4-p8 || 100.4.4-p12 || 100.4.5-p6 || 100.4.5-p10 || 100.4.5-p13 || 100.4.6 || 100.4.6-p5 || 100.4.6-p8

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 Pass Pass
2.4.8 not tested not tested
2.4.9 not tested not tested

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool Status Findings Summary
PHPCS Warning 2 2 warnings (ruleset: Magento2)
PHPMD Warning 12 12 rule violations (UnusedFormalParameter:12)
Cpd Pass 0
Composer validate Pass 0

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 11 11
2.4.8 Error N/A
2.4.9 N/A N/A

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Integration tests

Integration tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool Status Findings Summary
Composer audit Pass 0
Malware scan Pass 0
License
MIT
Authors

More from baldwin

View vendor
baldwin/magento2-module-less-js-compiler Free
magento2-module

Allows Magento 2 to compile less files using the less nodejs compiler

v1.7.2 2mo ago
0
baldwin/magento2-module-image-cleanup Free
magento2-module

Magento 2 module which can cleanup old image files that are no longer being used

v1.2.7 2mo ago
0
baldwin/magento2-module-url-data-integrity-checker Free
magento2-module

Magento 2 module which can find potential url related problems in your catalog data

v1.6.1 2mo ago
0
Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module