Download the PHP package hk2/csp without Composer
On this page you can find all versions of the php package hk2/csp. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package csp
Short Description HK2 CSP Whitelisting for Magento version 2.3.5 or above includes major URLs such as Cloudflare, Google Analytics, Google Fonts, Fontawesome, AddThis, Googleapis, Facebook Graph, Pinterest, Vimeo, Twitter, TrustPilot, NitroPack/NitroCDN, jsdelivr.net, Tailwind CSS CDN, and ContentSquare. One can disable Magento 2 CSP. However, Disabling results in more possibilities of attacks on the Magento store. (CSP) are a powerful tool to mitigate against Cross Site Scripting (XSS) and related attacks.
License MIT
Homepage https://www.basantmandal.in/
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package csp
HK2 CSP Whitelisting
HK2 CSP Whitelisting for Magento version 2.3.5 or above includes major URLs such as Cloudflare, Google Analytics, Google Fonts, Fontawesome, AddThis, Googleapis, Facebook Graph, Pinterest, Vimeo, Twitter, TrustPilot, NitroPack/NitroCDN, jsdelivr.net, Tailwind CSS CDN, and ContentSquare
One can disable Magento 2 CSP. However, Disabling results in more possibilities of attacks on the Magento store. (CSP) are a powerful tool to mitigate against Cross Site Scripting (XSS) and related attacks.
Please Note :- This module Whitelist CSP in Magento Store Frontend.
π° Account & Pricing
This is a Open Source - Free to use Module. No charge or any fee is there to use it.
π§ Features
- Fully Customizable as per your Store needs. Check How to Configure Section for more details.
- Simple, Open Source & Free
- CSP is not disabled rather specific listed urls are whitelisted, keeping your Magento Store Safe.
Some of the URL Whitelisted
- Addthis (moatads is a part of Addthis)
- Cloudflare
- Facebook Graph
- Fontawesome
- Google Analytics, Google Fonts, Gstatic, Google Tag Manager & Googleapis
- Trust Pilot
- Vimeo
- ContentSqaure
- Nitropack/NitroCDN
- Tailwind
- jsdelivr.net
π Supported Version
- Magento v2.3.5, 2.4.x
How to install
Method 1: Install ready-to-paste package
Download Link - HK2 - CSP - (https://github.com/basantmandal/HK2-CSP/releases/tag/1.0.3)
Download the zip package and unzip it in app/code folder.
Enable Extension
Disable Extension
Method 2: Install via composer (Recommend)
Run the following command in Magento 2 root folder
How to Configure?
You can add a domain to the whitelist for a policy (like script-src, style-src, font-src and others) by updating the csp_whitelist.xml present in /app/code/HK2/Csp/etc/csp_whitelist.xml . Please only create rules for URLs that you have verified as safe & safe for your Magento Store. Ensure that you use a unique "id" (e.g. the URL) for each entry within its group. Below screenshot describes Policy Name & Description.
π οΈ Maintenance mode
You may want to enable the maintenance mode when installing or updating the module, especially when working on a production website. To do so, run the two commands below before and after running the other setup commands:
Enable Maintenance Mode
Disable Maintenance Mode
π€« Privacy
This extension does not read, change, store, or transmit any of your personal data (e.g., logins, passwords, messages, contacts) from any of the sites or your computer in absolutely any form.
π« Support
For support or any bug report or changes mail me at - [email protected]
π Bug Report
Please open an issue on GitHub.
When filing a bug remember that the better written the bug is, the more likely it is to be fixed.
You can also reach us at [email protected]
π° Contribution Guidelines π
Contributions are welcome! If youβd like to contribute to this project:
- Fork the repository.
- Create a new branch (git checkout -b feature/your-feature-name).
- Make your changes and commit them (git commit -am 'Add new feature').
- Push to the branch (git push origin feature/your-feature-name).
- Open a pull request.
Please Note :- I may be a bit delayed in responding or slow in responding due to low amount of free time. I apologize for the inconvenience and I appreciate your patience
π License
Copyright (c) 2022, 2025 Basant Mandal (HK2 - Hash Tag Kitto)
π€ Consent
By using HK2 CSP Whitelisting Module, you hereby consent to our disclaimer and agree to its terms.
π’ Disclaimer
Basant Mandal (HK2 - Hash Tag Kitto) does not make any warranties about the completeness, reliability and accuracy of this image or its related products. Any action you take upon the information you find here is strictly at your own risk.
Basant Mandal (HK2 - Hash Tag Kitto) will not be liable for any losses and/or damages in connection with the use of our website.
πLike my work? Help Us
Please rate my project or give some stars at https://github.com/basantmandal/HK2-CSP. You can also contribute to make my Open Source Contribution more frequent and help others - https://www.buymeacoffee.com/basantmandal or https://www.basantmandal.in/buymecoffee
π« Feedback
If you have any feedback, please reach out to us at [email protected]
π‘οΈ License
π Links
