hgati/module-csp-whitelist

在Magento2管理面板上实现CSP控制

维护者

详细信息

github.com/hgati/module-csp-whitelist

源代码

问题

安装: 3

依赖项: 0

建议者: 0

安全性: 0

星标: 0

关注者: 1

分支: 0

开放问题: 0

类型:magento2-module

dev-master 2024-06-19 12:28 UTC

MIT 6fef145608e967a62f0ec079fcd3ca6f1bf9b4b2

This package is auto-updated.

Last update: 2024-09-19 13:03:51 UTC

README

安装

  • composer require hgati/module-csp-whitelist:dev-master
  • php bin/magento module:enable Hgati_CspWhitelist
  • php bin/magento setup:upgrade

使用方法

识别被内容安全策略阻止的资源

Refused to load https://#/analytics.js because it does not appear in the script-src directive of the Content Security Policy.
  1. 注意资源 google-analytics.com*.google-analytics.com
  2. 检查它违反了哪个策略 script-src
  3. 导航到管理面板 商店 > 配置 > Hgati > CSP 白名单
  4. 确保模块已启用。添加新行,选择资源并添加值。
  5. 保存并刷新相关缓存。

策略

POLICY NAME	DESCRIPTION
default-src	The default policy.
base-uri	Defines which URLs can appear in a page’s <base> element.
child-src	Defines the sources for workers and embedded frame contents.
connect-src	Defines the sources that can be loaded using script interfaces.
font-src	Defines which sources can serve fonts.
form-action	Defines valid endpoints for submission from <form> tags.
frame-ancestors	Defines the sources that can embed the current page.
frame-src	Defines the sources for elements such as <frame> and <iframe>.
img-src         Defines the sources from which images can be loaded.
manifest-src	Defines the allowable contents of web app manifests.
media-src	Defines the sources from which images can be loaded.
object-src	Defines the sources for the <object>, <embed>, and <applet> elements.
script-src	Defines the sources for JavaScript <script> elements.
style-src	Defines the sources for stylesheets.