I got a solution by removing all the content security warnings by creating a module and adding the csp_whitelist.xml in the etc folder of the module.
Step 1: Create a module.
Step 2: Add csp_whitelist.xml in the etc folder of the module and copy-paste the below code in that file.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
<?xml version="1.0"?> <csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd"> <policies> <policy id="script-src"> <values> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <!--Google--> <value id="google-analytics" type="host">*.google-analytics.com</value> <value id="googlecom" type="host">*.google.com</value> <value id="googlein" type="host">*.google.co.in</value> <value id="gtmanager" type="host">*.googletagmanager.com</value> <value id="gstatic" type="host">*.gstatic.com</value> <!--Hotjar--> <value id="hotjar" type="host">*.hotjar.com</value> <!--Criteo--> <value id="criteo" type="host">*.criteo.com</value> <value id="criteonet" type="host">*.criteo.net</value> <!--Github--> <value id="github" type="host">*.github.io</value> </values> </policy> <policy id="style-src"> <values> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <!--Design--> <value id="googlefont" type="host">fonts.googleapis.com</value> <value id="maxcdn" type="host">*.bootstrapcdn.com</value> </values> </policy> <policy id="img-src"> <values> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <value id="klarna-base" type="host">https://cdn.klarna.com</value> <!--Payments--> <value id="paypal" type="host">*.paypal.com</value> <!--Video--> <value id="vimeocdn" type="host">*.vimeocdn.com</value> <value id="youtube-img" type="host">https://s.ytimg.com</value> <!--Google--> <value id="googlecom" type="host">*.google.com</value> <value id="googlein" type="host">*.google.co.in</value> <!--Data--> <value id="data" type="host">data:</value> </values> </policy> <policy id="connect-src"> <values> <!--Google--> <value id="google-analytics" type="host">*.google-analytics.com</value> <value id="gtmanager" type="host">*.googletagmanager.com</value> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <!--Payments--> <value id="paypal" type="host">*.paypal.com</value> <!--Double Click--> <value id="doubleclick" type="host">*.doubleclick.net</value> </values> </policy> <policy id="frame-src"> <values> <!--Criteo--> <value id="criteo" type="host">*.criteo.com</value> <value id="criteonet" type="host">*.criteo.net</value> <!--Hotjar--> <value id="hotjar" type="host">*.hotjar.com</value> <!--Google--> <value id="googlecom" type="host">*.google.com</value> <value id="googlein" type="host">*.google.co.in</value> <!--Github--> <value id="github" type="host">*.github.io</value> </values> </policy> <policy id="font-src"> <values> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <!--Design--> <value id="googlefont" type="host">fonts.googleapis.com</value> <value id="maxcdn" type="host">*.bootstrapcdn.com</value> </values> </policy> </policies> </csp_whitelist> |
Clean the cache and check the site again. Probably all the Content security warnings will be removed by adding the above file in your module.
I think It will cover most of the domain, but if you face any other content security warnings then you can add the domain in the csp_whitelist.xml file.
Hope this article will help you to fix Magento 2.3.5 content security warnings.
If you want get query string params in controller file,...
Create di.xml and add the below code Magemonkey/Redirect/etc/frontend/di.xml [crayon-62838833e1a2b036232155/] Create...
You can try below code to change local date to...
Step 1: First you need to add registration.php file in...
Step1 : Override message.js in current theme file on the...
