Powered by Adobe Commerce 2.4.5

contentsecuritypoliciesmanager_m.png

Content Security Policies Manager

PRODUCT:
0
TOTAL:

Overview

Back to top

Starting from 2.3.5, Magento introduced the Content Security Policies (CSP) tool to provide protection against Cross-Site Scripting (XSS) and similar attacks. This crucial means should not be ignored by merchants or, even worse, disabled/uninstalled because it is meant to protect customers from card skimmers, session hijacking, clickjacking, etc.

As it usually goes, the new built-in tool brings new headaches and challenges to those who manage and maintain e-commerce shops. The built-in CSP whitelist doesn't includes various external resources used throughout their websites: YouTube/Vimeo, external images, CDN, Live Chats, social network connectors, metrics, and services. Depending on the security mode deployed, these resources either can't operate as intended or result in numerous errors in the browser console.

This extension is built to help you maintain the CSP whitelist by providing means to view all current policies, add new ones, disable untrustworthy resources (added by 3rd-party modules), and toggle content security mode from within the Magento admin panel.

 

Features

  • Simplifies switching between CSP mode right in the Magento admin – restrict or report only
  • Shows all policies in grid view
  • Provides a quick way to add new domains with proper group/type
  • Automatically adds new records from browser report to DB
  • Provides the ability to disable any unwanted record implemented in 3rd-party module
  • Tracks new records after installing or updating extensions
  • Fixes `directive 'frame-ancestors' does not support the source expression ''unsafe-inline''`

 

Demo

Store DemoAdmin Demo

Technical Specifications

Back to top

Seller profile

SafeMage

Seller contact

E-mail

Current Version

2.4.0

Adobe Commerce platform compatibility

Open Source (CE): 2.3 (current), 2.4 (current)

Commerce on prem (EE): 2.3 (current), 2.4 (current)

Commerce on Cloud (ECE): 2.3 (current), 2.4 (current)

Type

Stable Build

Updated

25 May, 2022

Categories

Extensions, Site Optimization, Site Monitoring

Quality Report

Back to top

Installation & Varnish Tests

Passed

Coding Standard

Passed

Plagiarism Check

Passed

Malware Check

Passed

Marketing Review

Passed

Manual Testing

Passed

All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

Back to top

2.4.0:

  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    • Added error logging;
    • Added support for wildcard (*) when specifying Value;
    • Added support for Magento 2.4.4 and PHP 8.1.

2.3.5:

  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    • Added support for “style-src-elem 'self'” and “script-src-elem 'self'” directives.

2.3.4:

  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    • Now Source renders a full path to the file containing policy (applicable to system policies only in M2.4+);
    • The policy table is being locked when new violations are reported and now policies are created;
    • Addressed an issue with the Group field sorting;
    • Added support for new 'style-src-elem' and 'script-src-elem' directives.
    • Addressed an issue with hash validation when editing a policy.

2.2.7:

  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    • Added a setting to disable the Report-To directive.

2.2.6:

  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    • Added support for protocol and port in the host field;
    • Addressed an issue with duplicate records sourced from 3rd-party domains;
    • Addressed a Magento issue with `directive 'frame-ancestors' does not support the source expression ''unsafe-inline''`.

2.2.2:

  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    • Added the abitlity to add new policies from Report-Uri;
    • Added Source and User Agent info to the policies grid;
    • Improved host validation.

Support

Back to top

The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

Contact Vendor

Q & A

Back to top

Reviews

Back to top