Content Security Policy Directive

Hi All,

I am trying to work through errors on my site, there don’t appear to be too many and I can get support for the 3rd party modules.

But of late, the developers of these modules are referring to errors in Chrome, as the point of my issue. To be honest, I don’t agree with them but that’s another story.

`

[Report Only] Refused to connect to ‘’ because it violates the following Content Security Policy directive: “connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ‘self’ ‘unsafe-inline’”.

`

Digging into these issues I found this page, https://devdocs.magento.com/security/content-security-policy-overview.html which mentions this is apart of Magento by design and will soon change mode. Does anyone have a simple English solution a non developer like myself could follow\implement?

Thanks!

I have a video coming out on this really soon, along with a module that you’ll be able to download and install. Keep your eye out for this, maybe this Thursday (if I have time).

The errors you’re seeing that reference “Content Security Policies” aren’t errors per se. What you’re seeing is expected behaviour that isn’t actually breaking anything. It’ll all be a little clearer soon.

1 Like