Download the PHP package basecom/magento2-csp-split-header without Composer
On this page you can find all versions of the php package basecom/magento2-csp-split-header. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package magento2-csp-split-header
Short Description Magento 2 module to split oversized CSP headers into multiple headers.
License MIT
Information about the package magento2-csp-split-header
Basecom_CspSplitHeader Magento 2 Module
[!IMPORTANT]
As of Magento 2.4.7 it is no longer possible to deactivate the Magento CSP module.
With a growing Content Security Policy (CSP) whitelist, the headers Content-Security-Policy-Report-Only and/or Content-Security-Policy can become so large that they exceed the maximum permitted size of a header field, causing the web server to not process the response any further.
The CSP mechanism allows multiple policies to be specified for a resource, including via the Content-Security-Policy header, the Content-Security-Policy-Report-Only header and a meta element [MDN]. Therefore, the headers can be specified more than once.
This is where the module comes into play. It implements an after method plugin for the method Magento\Csp\Model\Policy\Renderer\SimplePolicyHeaderRenderer::render, which replaces the existing CSP headers via the method \Magento\Framework\App\Response\HttpInterface::setHeader. The header is read, split so that the syntax remains valid, and replaced by the new headers. The result is a separate header for each directive, each of which should no longer exceed the maximum header length permitted by the web server.
[!TIP] If the headers are too large even after splitting, try to identify unnecessary Magento modules and remove them.
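The per-directive split described above, and the case from the tip where a directive is still too large afterwards, as an added example (not the module's own code). The function name `splitCspHeader`, the sample policy and its hosts are hypothetical, and it assumes the size limit applies to the whole `Name: value` line.

```php
<?php
declare(strict_types=1);

/**
 * Split one CSP header value into one header value per directive.
 * Assumption: the size limit applies to the full "Name: value" line.
 *
 * @return array{headers: string[], oversized: string[]}
 */
function splitCspHeader(string $name, string $policy, int $maxSize = 8190): array
{
    $headers = [];
    $oversized = [];
    $seen = [];

    foreach (explode(';', $policy) as $directive) {
        // Collapse whitespace so each directive is "name source source ...".
        $directive = trim((string) preg_replace('/\s+/', ' ', $directive));
        if ($directive === '') {
            continue; // trailing or doubled ";"
        }
        $directiveName = strtolower(explode(' ', $directive, 2)[0]);
        if (isset($seen[$directiveName])) {
            continue; // browsers ignore a repeated directive within one policy
        }
        $seen[$directiveName] = true;

        // A directive is the smallest unit that can move to its own header:
        // its source list cannot be divided further, because every header is
        // a separate policy and all of them must allow the request.
        if (strlen("$name: $directive") > $maxSize) {
            $oversized[] = $directiveName;
        }
        $headers[] = $directive;
    }

    return ['headers' => $headers, 'oversized' => $oversized];
}

// Constructed sample policy; hosts are placeholders. The limit is set to 80
// only so that one directive exceeds it in this small sample.
$policy = "default-src 'self'; script-src 'self' https://cdn.example.com "
    . "https://static.example.net; img-src 'self' data:;";

$result = splitCspHeader('Content-Security-Policy', $policy, 80);
foreach ($result['headers'] as $value) {
    echo "Content-Security-Policy: $value\n";
}
echo 'Still too large: ' . (implode(', ', $result['oversized']) ?: 'none') . "\n";
```

Browsers enforce each delivered policy independently and a request must pass all of them, so a header holding only `default-src` also acts as the fallback for fetch directives it does not list. Compare violation reports before and after enabling splitting.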
Installation
- Install it into your Magento 2 project with composer:
- Enable module
Configuration
Config | Default Value | Description |
---|---|---|
basecom_csp_split_header/settings/header_splitting_enable | 0 (disabled) | enables (1) / disables (0) the splitting of the CSP header |
basecom_csp_split_header/settings/max_header_size | 8190 | maximum allowed header field size |

These values can be updated in the system configuration under Basecom -> Content Security Policy -> Enable.
Example
- CSP splitting disabled
- CSP splitting enabled
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
License
The MIT License (MIT). Please see License File for more information.
Copyright
© 2024 basecom GmbH & Co. KG
All versions of magento2-csp-split-header with dependencies
magento/framework Version *
magento/module-csp Version *
magento/module-config Version *
magento/module-backend Version *