ctidigital/magento2-csp-whitelist

通过管理区域控制CSP

维护者

详情

github.com/ctidigital/magento2-csp-whitelist

源码

问题

安装量: 75,648

依赖者: 0

建议者: 0

安全性: 0

星标: 14

关注者: 11

分支: 3

开放问题: 2

类型:magento2-module

1.0.1 2021-02-09 11:16 UTC

MIT 1472dca20fe054b7e5e873c83a98fa0b061545b6

This package is auto-updated.

Last update: 2024-09-09 19:00:27 UTC

README

CTI Digital 创建的 Magento 2 模块,用于通过管理面板创建和维护内容安全策略。

安装

  • composer require ctidigital/magento2-csp-whitelist
  • php bin/magento module:enable CtiDigital_CspWhitelist
  • php bin/magento setup:upgrade

使用方法

确定被内容安全策略阻止的资源

Refused to load https://#/analytics.js because it does not appear in the script-src directive of the Content Security Policy.
  1. 注意资源 google-analytics.com*.google-analytics.com
  2. 检查它违反了哪个策略 script-src
  3. 导航到管理面板 商店->配置->CTI->CSP 白名单
  4. 确保模块已启用。添加新行,选择资源并添加值。
  5. 保存并刷新相关缓存。

策略

POLICY NAME	DESCRIPTION
default-src	The default policy.
base-uri	Defines which URLs can appear in a page’s <base> element.
child-src	Defines the sources for workers and embedded frame contents.
connect-src	Defines the sources that can be loaded using script interfaces.
font-src	Defines which sources can serve fonts.
form-action	Defines valid endpoints for submission from <form> tags.
frame-ancestors	Defines the sources that can embed the current page.
frame-src	Defines the sources for elements such as <frame> and <iframe>.
img-src         Defines the sources from which images can be loaded.
manifest-src	Defines the allowable contents of web app manifests.
media-src	Defines the sources from which images can be loaded.
object-src	Defines the sources for the <object>, <embed>, and <applet> elements.
script-src	Defines the sources for JavaScript <script> elements.
style-src	Defines the sources for stylesheets.