Let’s initiate a discussion!!
I got a solution by removing all the content security warnings by creating a module and adding the csp_whitelist.xml in the etc folder of the module.
Step 1: Create a module.
Step 2: Add csp_whitelist.xml in the etc folder of the module and copy-paste the below code in that file.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
<?xml version="1.0"?> <csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd"> <policies> <policy id="script-src"> <values> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <!--Google--> <value id="google-analytics" type="host">*.google-analytics.com</value> <value id="googlecom" type="host">*.google.com</value> <value id="googlein" type="host">*.google.co.in</value> <value id="gtmanager" type="host">*.googletagmanager.com</value> <value id="gstatic" type="host">*.gstatic.com</value> <!--Hotjar--> <value id="hotjar" type="host">*.hotjar.com</value> <!--Criteo--> <value id="criteo" type="host">*.criteo.com</value> <value id="criteonet" type="host">*.criteo.net</value> <!--Github--> <value id="github" type="host">*.github.io</value> </values> </policy> <policy id="style-src"> <values> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <!--Design--> <value id="googlefont" type="host">fonts.googleapis.com</value> <value id="maxcdn" type="host">*.bootstrapcdn.com</value> </values> </policy> <policy id="img-src"> <values> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <value id="klarna-base" type="host">https://cdn.klarna.com</value> <!--Payments--> <value id="paypal" type="host">*.paypal.com</value> <!--Video--> <value id="vimeocdn" type="host">*.vimeocdn.com</value> <value id="youtube-img" type="host">https://s.ytimg.com</value> <!--Google--> <value id="googlecom" type="host">*.google.com</value> <value id="googlein" type="host">*.google.co.in</value> <!--Data--> <value id="data" type="host">data:</value> </values> </policy> <policy id="connect-src"> <values> <!--Google--> <value id="google-analytics" type="host">*.google-analytics.com</value> <value id="gtmanager" type="host">*.googletagmanager.com</value> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <!--Payments--> <value id="paypal" type="host">*.paypal.com</value> <!--Double Click--> <value id="doubleclick" type="host">*.doubleclick.net</value> </values> </policy> <policy id="frame-src"> <values> <!--Criteo--> <value id="criteo" type="host">*.criteo.com</value> <value id="criteonet" type="host">*.criteo.net</value> <!--Hotjar--> <value id="hotjar" type="host">*.hotjar.com</value> <!--Google--> <value id="googlecom" type="host">*.google.com</value> <value id="googlein" type="host">*.google.co.in</value> <!--Github--> <value id="github" type="host">*.github.io</value> </values> </policy> <policy id="font-src"> <values> <!--CDN--> <value id="cloudflare" type="host">*.cloudflare.com</value> <!--Design--> <value id="googlefont" type="host">fonts.googleapis.com</value> <value id="maxcdn" type="host">*.bootstrapcdn.com</value> </values> </policy> </policies> </csp_whitelist> |
Clean the cache and check the site again. Probably all the Content security warnings will be removed by adding the above file in your module.
I think It will cover most of the domain, but if you face any other content security warnings then you can add the domain in the csp_whitelist.xml file.
Hope this article will help you to fix Magento 2.3.5 content security warnings.
[crayon-641f072eaafe2253899030/] Using above fucntion Images can be imported directly from...
Override view block using di.xml and add the below code...
You can check a list of called layout XML for...
Follow the below steps to install and set up PWA...
If you want to remove all leading zero's from order,...
Let our Magento expert connect to discuss your requirement.
We offer Magento
certified developers.
Our Magento clientele
is 500+.
We sign NDA for the
security of your projects.
We’ve performed 100+
Magento migration projects.
Free quotation
on your project.
Three months warranty on
code developed by us.