I installed the CSP module as mentioned here but it doesn’t work for me. The module is listed as enabled but it’s like ignored. I run, of course, setup:upgrade and cleared the cache.
I’m using Magento 2.4.0 with Apache web server behind a nginx reverse proxy with HTTP basic Auth enabled.
Yeah, that’s my thought too. I don’t think Nginx or Varnish could prevent the working but I tried many solutions without success. I also tried this module but it’s still not working. I cannot understand where is the problem.
Do you have Magento_Csp enabled? I’m assuming you do, but just checking. As DigitalStartup_Csp extends this module - Therefore, both need to be enabled.
Having said that, I guess you wouldn’t be seeing the warnings if it was off.
I got partially working using the Flancer32 extension that I linked before. I installed it, enabled and run magento fl32:csp:analyze . Now all the console errors are gone away except 1 from Paypal:
[Report Only] Refused to load the image 'https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=6eaf216598124ea0799836ddab3ef7bf&t=1600355547.455&a=14' because it violates the following Content Security Policy directive: "img-src data: b.stats.paypal.com c.paypal.com widgets.magentocommerce.com
Yeah, but where? That module doesn’t provide a whitelist.xml file and I cannot add it from the backend, I can just read the automatically added entries from there.
Thanks, I already read it but as I said, from there I can only read the recognized entries automatically added after run magento fl32:csp:analyze. I cannot manually add any entry from there.
Sadly, I cannot understand why, but your module as well as the others I tried and another that I created by myself similar at yours, they simply don’t work. That’s the only one module that is working for me at the moment. However, I’ll try again with yours.