CSP Extension for Magento 2
If you want to buy this extension or have any query then please contact us at info@sprinix.com
- Ensure error-free operation of your Magento 2 store with the Sprinix Technolabs CSP (Content Security Policies) Extension.
- This essential tool empowers you to effortlessly manage and prevent errors through streamlined configuration and simplifies the management of external sources and whitelisting, while effectively detecting and mitigating XSS attacks.
- By streamlining configurations and policy management, you can enhance your store's security without the need for manual upgrades or deployments.
- Choose between enforcement modes and manage policies directly from your admin panel for optimal protection against security threats.
- By effectively handling Content Security Policies, this extension minimizes hassle and enhances security, providing peace of mind for your online store.
Installation and Support: Free installation support and support for compatibility issues.
Sprinix Technolabs CSP Magento 2 Extension: Enhanced Security and Configuration Management
Introduction:
The Sprinix Technolabs CSP (Content Security Policy) Extension for Magento 2 is a vital tool for enhancing security measures and simplifying the management of external content sources within your Magento store. By providing intuitive configurations and robust features, this extension effectively mitigates Cross-Site Scripting (XSS) attacks and related data injection threats.
Key Features:
Whitelist Management:
- Easily manage and whitelist external hosts or sources through configurations.
- Streamline the process of adding external sources by directly configuring settings instead of manual upgrades and deployments.
Policy Enforcement Modes:
Choose between "Reports Only" and "Restrict Mode" to tailor the extension's behaviour according to security requirements.
In "Restrict Mode," only whitelisted resources are allowed, and non-whitelisted content is refused, triggering CSP errors in the browser console.
"Report Only" mode reports policy violations without blocking them, providing insights into potential security threats.
Simplified Configuration:
Configure the extension effortlessly through the Magento admin panel.
Enable or disable the extension with a simple toggle switch under the "Enable" field.
Allow inline CSS and scripts to render securely through the "Auto Fix Inline Style" and "Auto Fix Inline Script" fields.
Direct Policy Addition:
Add or manage policies directly within the configuration settings using the "CSP Policies" field.
Merge existing policies from the csp_whitelist.xml file with those added through the provided configuration, simplifying policy management.
Admin Store Configuration:
To configure the Sprinix CSP Extension for your store, follow these steps:
Navigate to STORES -> Configuration -> SPRINIX -> CSP in the Magento admin panel.
Enable the extension by selecting "Yes" in the "Enable" field.
Choose the desired enforcement mode ("Reports Only" or "Restrict Mode") based on your security preferences.
Optionally, select "No" for the "Reports Only" field to enable "Restrict Mode."
Directly add or manage CSP policies in the "CSP Policies" field, streamlining policy management.
Select "Yes" for the "Auto Fix Inline Style" field to autofix all inline CSS.
Select "Yes" for the "Auto Fix Inline Script" field to autofix all inline scripts.
Navigate to STORES -> Configuration -> SECURITY -> Content Security Policy (CSP) -> Mode -> Storefront Default in the Magento admin panel.
Optionally, select "No" for the "Reports Only" field to enable "Restrict Mode."
Navigate to STORES -> Configuration -> SECURITY -> Content Security Policy (CSP) -> CSP Policies -> General Settings -> Styles in the Magento admin panel.
Select "No" for the "Auto Fix Inline Style" field to autofix all inline CSS.
Navigate to STORES -> Configuration -> SECURITY -> Content Security Policy (CSP) -> CSP Policies -> General Settings -> Scripts in the Magento admin panel.
Select "No" for the "Auto Fix Inline Script" field to autofix all inline scripts.
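To confirm which enforcement mode a storefront response is actually served in, the following added example (not part of the extension or its documentation) reads the standard CSP response headers: enforced policies arrive in Content-Security-Policy, report-only policies in Content-Security-Policy-Report-Only. The header values, host names and nonce are constructed samples, and the function names are hypothetical.

```python
# Added example: constructed header values, not output from the extension.
RISKY = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_policy(value):
    """Split a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored after its first occurrence.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(headers):
    """Return (mode, policy, findings) for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    if "content-security-policy" in h:
        mode, value = "restrict", h["content-security-policy"]
    elif "content-security-policy-report-only" in h:
        mode, value = "report-only", h["content-security-policy-report-only"]
    else:
        return "none", {}, ["no CSP header present"]
    policy = parse_policy(value)
    findings = []
    if mode == "report-only":
        findings.append("violations are reported but not blocked")
    for directive in ("script-src", "style-src"):
        sources = policy.get(directive, policy.get("default-src", []))
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
        strict = any(s.startswith(HASH_OR_NONCE) for s in sources)
        for src in sources:
            if src in RISKY and not (strict and src == "'unsafe-inline'"):
                findings.append(f"{directive} allows {src}")
    return mode, policy, findings

# Constructed sample responses (hypothetical hosts and nonce).
SAMPLE_REPORT_ONLY = {"Content-Security-Policy-Report-Only":
    "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.example.com; "
    "style-src 'self' fonts.example.com"}
SAMPLE_RESTRICT = {"Content-Security-Policy":
    "default-src 'self'; script-src 'self' 'nonce-abc123' 'unsafe-inline' "
    "cdn.example.com; style-src 'self' 'unsafe-inline'"}

if __name__ == "__main__":
    for name, sample in (("report-only", SAMPLE_REPORT_ONLY), ("restrict", SAMPLE_RESTRICT)):
        mode, _, findings = audit_csp(sample)
        print(name, "->", mode, findings)
```
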
Benefits:
Enhanced Security: Effectively mitigate XSS attacks and data injection threats by controlling external content sources.
Simplified Management: Streamline the management of CSP policies and configurations directly within the Magento admin panel.
Flexible Configuration: Choose enforcement modes according to security requirements, ensuring optimal protection for your Magento 2 store.
Compatibility:
This module is compatible with Magento Version 2.4.x - 2.4.7
Installation Instructions:
- Download the 'Sprinix CSP Extension.zip' file.
- Extract the 'Sprinix_CSP.zip' file to 'app/code/Sprinix/CSP'. Create the folder path 'app/code/Sprinix/CSP' if it does not exist.
- Download the '.overrides.zip' file.
- Extract the '.overrides.zip' file to 'src'.
- Go to the Magento root folder and run: bin/composer require kub-at/php-simple-html-dom-parser
- bin/magento setup:upgrade
- bin/magento setup:di:compile
- bin/magento setup:static-content:deploy -f
- Add the below code to your src/composer.json file.

    "extra": {
        "magento-force": "override",
        "no-git-submodules": true,
        "composer-exit-on-patch-failure": true
    },
    "scripts": {
        "composer-overrides": "cp -rf .overrides/*/ ./",
        "post-install-cmd": [
            "@composer-overrides"
        ]
    },
    "scripts-descriptions": {
        "composer-overrides": "Override folders in project root with those in .overrides/ directory"
    }

- Then go to the root folder and run the command: bin/composer install
- Go to the Magento root folder and run the upgrade commands to install 'Sprinix_CSP'.
- bin/magento setup:upgrade
- bin/magento setup:di:compile
- bin/magento setup:static-content:deploy -f
Synopsis:
The Sprinix Technolabs CSP Magento 2 Extension offers a comprehensive solution for bolstering security measures and simplifying the management of external content sources within your Magento store. By providing intuitive configurations and robust features, this extension empowers administrators to effectively mitigate security threats and safeguard their Magento 2 stores against potential vulnerabilities.