hryvinskyi/magento2-csp
=======================

Advanced Content Security Policy (CSP) module for Magento 2 with whitelist management, violation reports, header splitting, and value optimization

Latest version 1.3.0, MIT license, PHP >=8.1 <8.5.

[Source](https://github.com/hryvinskyi/magento2-csp) | [Packagist](https://packagist.org/packages/hryvinskyi/magento2-csp) | [Issues](https://github.com/hryvinskyi/magento2-csp/issues)

Advanced Content Security Policy (CSP) module for Magento 2
===========================================================

Overview
--------

The `Hryvinskyi_Csp` module is a Magento 2 extension that provides additional Content Security Policy (CSP) configuration. It lets administrators manage CSP whitelists from the Magento admin panel.

Features
--------

1. **CSP Whitelist Management**: Administrators can manage CSP whitelists directly from the Magento admin panel.
2. **Store-Specific Configuration**: The module provides store-view-specific CSP configuration.
3. **Violation Reports**: The module collects and displays CSP violation reports, helping administrators identify and address security issues.
4. **One-Click Conversion**: Convert a violation report to a whitelist rule with one click.
5. **Mass Convert Reports**: Bulk conversion of multiple CSP report groups to whitelist entries with automatic cleanup.
6. **Automatic URL Collection**: Automatically collects and adds all storefront URLs to the CSP whitelist.
7. **CSP Header Splitting**: Automatically splits large CSP headers into multiple smaller ones to prevent issues with header size limits.
8. **CSP Value Optimization**: Removes duplicate entries and redundant wildcard-covered values from CSP headers to reduce header size.
9. **Flexible Configuration**: The module provides various configuration options to enable or disable specific CSP features.
10. **Admin Panel Integration**: The module integrates with the Magento admin panel, providing a user-friendly interface for managing CSP settings.
11. **Import/Export**: Support for importing and exporting whitelist rules.
12. **Automatic Script Hash Generation**: Command-line tool to scan CMS pages/blocks and configs for inline scripts and generate CSP hashes.
13. **Visual Hash Validation**: See at a glance if your script hashes are valid.
14. **Template Nonce Provider**: ViewModel class for easy CSP nonce generation in templates.
15. **Enhanced Caching**: Improved CSP policy caching with better serialization and cache management.
16. **Report Grouping**: CSP violation reports are organized into logical groups for better management.
17. **Redundancy Detection**: Visual indicators showing duplicate and redundant whitelist entries.
18. **Advanced Grid Filtering**: Filter whitelist entries by hash validation status and redundancy status.
19. **Advanced Grid Sorting**: Sort whitelist entries by computed columns (hash validation, redundancy).
20. **Automatic Report Cleanup**: Scheduled cleanup of old violation reports by date or record count, with a CLI command for manual execution.
21. **Default-Src Consolidation**: Automatically moves values shared across all directives into `default-src`, reducing header size by 40-70%.
22. **Subdomain-to-Wildcard Consolidation**: Automatically replaces groups of subdomains with wildcard entries (e.g., 3+ subdomains of `google.com` become `*.google.com`).
23. **Scheme and Path Stripping**: Removes redundant `https://` prefixes and `/path` suffixes from CSP host values.
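
The PHP sketch below is an added example, not code from `Hryvinskyi_Csp`, of what features 8 and 22 do to a host-source list. It separates the policy-neutral step (removing duplicates and wildcard-covered hosts) from the step that widens the policy (folding siblings into a wildcard). The function names, the `$threshold` parameter and the sample hosts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not code from Hryvinskyi_Csp. Input: host sources and
// keywords only (never nonces or hashes: their base64 is case-sensitive).

/** True when $host is already matched by the wildcard source $wildcard. */
function coveredByWildcard(string $host, string $wildcard): bool
{
    // "*.example.com" matches any subdomain but not "example.com" itself.
    return $host !== $wildcard && str_ends_with($host, substr($wildcard, 1));
}

/** @return array{sources: string[], widened: string[]} */
function optimizeHostSources(array $sources, int $threshold = 3): array
{
    $sources = array_values(array_unique(array_map('strtolower', $sources)));
    $wildcards = array_filter($sources, fn(string $s) => str_starts_with($s, '*.'));

    // Step 1 (policy-neutral): drop hosts an existing wildcard already covers.
    $sources = array_filter($sources, fn(string $s): bool =>
        array_filter($wildcards, fn(string $w) => coveredByWildcard($s, $w)) === []);

    // Step 2 (widens the policy): fold $threshold+ sibling subdomains into a
    // wildcard. The parent is everything after the first label; real code must
    // consult the public suffix list so hosts under "co.uk" never become "*.co.uk".
    $groups = [];
    foreach ($sources as $s) {
        if (!str_starts_with($s, '*.') && substr_count($s, '.') >= 2) {
            $groups[substr($s, strpos($s, '.') + 1)][] = $s;
        }
    }
    $widened = [];
    foreach ($groups as $parent => $hosts) {
        if (count($hosts) >= $threshold) {
            $sources = array_diff($sources, $hosts);
            $sources[] = $widened[] = '*.' . $parent;
        }
    }
    return ['sources' => array_values($sources), 'widened' => $widened];
}

// Constructed sample input.
print_r(optimizeHostSources([
    'fonts.example.net', 'FONTS.example.net', '*.cdn.test', 'img.cdn.test',
    'a.shop.example', 'b.shop.example', 'c.shop.example', "'self'",
]));
```

Each entry in `widened` allows every subdomain of its parent, including ones that were never whitelisted, so review those entries before deploying an optimized policy.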

Requirements
------------

- Magento 2.4.4 or higher
- PHP 8.1 or higher

Installation
------------

### Composer (recommended)

```
composer require hryvinskyi/magento2-csp
bin/magento module:enable Hryvinskyi_Csp
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento setup:static-content:deploy
```

### Manual Installation

1. Download the module and upload it to `app/code/Hryvinskyi/Csp`
2. Enable the module and update the database:

```
bin/magento module:enable Hryvinskyi_Csp
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento setup:static-content:deploy
```

Usage
-----

**Admin Panel Navigation**

The module adds a new menu item in the admin panel:

1. **Content Security Policy**: Main menu item providing access to CSP features
    - **Whitelist**: Manage CSP whitelist rules
    - **Violation Report**: View and manage CSP violation reports
    - **Configuration**: Configure CSP settings

### Managing Whitelist Rules

1. Navigate to **System** > **Content Security Policy** > **Whitelist**
2. Click **Add** to create a whitelist entry manually
3. Fill in required fields:
    - **Identifier**: Unique name for the rule
    - **Policy**: CSP directive (e.g., script-src, style-src)
    - **Value Type**: Type of value (URL, Domain, etc.)
    - **Value**: The actual value to whitelist
    - **Store Views**: Select applicable store views
    - **Status**: Enable or disable the rule

### Using CSP Nonces in Templates

The module provides a `CspNonceProvider` ViewModel for easy nonce generation in templates:

```

        Hryvinskyi\Csp\ViewModel\CspNonceProvider

```

In your template (`template.phtml`):

```
