ctidigital / magento2-csp-whitelist

ctidigital/magento2-csp-whitelist

Control CSP via the admin area

magento2-module Compatibility: 2.4.7-2.4.9 Code Quality: Fail Tests: N/A Security: Pass MIT

Get this package

Free

Install

Add the repository once:

composer config repositories.packagento composer https://packagento.com/

Then require:

composer require ctidigital/magento2-csp-whitelist:^1.0.1

Details

Latest version: 1.0.1
Released: 2021-02-09 11:17:38
Downloads: 0
License: MIT

Own this package?

Are you the maintainer? Create an account and link the source repository to claim this package and register a webhook so new versions publish automatically.

Claim this Package

Report this package

Seeing license violations, malicious code, IP infringement, or spam? Let our moderation team know.

Readme

Magento 2 CSP Whitelist

A Magento 2 module created by CTI Digital to create and maintain Content Security Policies via the admin panel.

Installation

composer require ctidigital/magento2-csp-whitelist
php bin/magento module:enable CtiDigital_CspWhitelist
php bin/magento setup:upgrade

Usage

Identify the resource blocked by the Content Security Policy:

Refused to load https://www.google-analytics.com/analytics.js because it does not appear in the script-src directive of the Content Security Policy.

Take note of the resource google-analytics.com or *.google-analytics.com.
Check which policy it violates script-src.
Navigate to admin panel Stores->Configuration->Cti->CSP Whitelist
Ensure the module is enabled. Add a new row, select a resource and add the value.
Save and flush the relevant caches.

Policies

POLICY NAME	DESCRIPTION
default-src	The default policy.
base-uri	Defines which URLs can appear in a page’s <base> element.
child-src	Defines the sources for workers and embedded frame contents.
connect-src	Defines the sources that can be loaded using script interfaces.
font-src	Defines which sources can serve fonts.
form-action	Defines valid endpoints for submission from <form> tags.
frame-ancestors	Defines the sources that can embed the current page.
frame-src	Defines the sources for elements such as <frame> and <iframe>.
img-src         Defines the sources from which images can be loaded.
manifest-src	Defines the allowable contents of web app manifests.
media-src	Defines the sources from which images can be loaded.
object-src	Defines the sources for the <object>, <embed>, and <applet> elements.
script-src	Defines the sources for JavaScript <script> elements.
style-src	Defines the sources for stylesheets.

Changelog

No changelog yet

The vendor hasn't published a changelog. Tagged releases appear in the Versions tab.

Versions 2

Versions
Version	Stability	QA Status	Compatibility	Released
1.0.1	stable	Fail	Magento 2.4.7-2.4.9 Details	2021-02-09 11:17:38
1.0.0	stable	Not tested	Not yet tested Details	2021-02-09 10:56:34

Dependencies

No dependencies declared

This package's composer.json doesn't declare any required, suggested, replaced, or conflicting packages.

Quality 12

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	Pass	Pass
2.4.8		Pass	Pass
2.4.9			Pass	Pass

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool	Status	Findings	Summary
PHPCS	Warning	16	16 warnings (ruleset: Magento2)
PHPMD	Pass	0
Cpd	Pass	0
Composer validate	Info	1	valid; 1 advisory note (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	5	5
2.4.8		5	5
2.4.9			5	5

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Integration tests

Integration tests results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool	Status	Findings	Summary
Composer audit	Pass	0
Malware scan	Pass	0

License

License: MIT

More from ctidigital

View vendor

ctidigital/magento2-configurator Free

magento2-module

Keep magento persistently configured using files

v4.0.1 8mo ago

Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module