You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue
As of the most recent security patch releases and the Magento 2.4.7 release Adobe has enforced strict content security policy (CSP) instead of the report-only configuration from previous releases. In my case upgrading from 2.4.5-p7 to 2.4.5-p8 enforced this change, in testing I've found CSP-related errors thrown in console when proceeding to the checkout.
Affected Versions
Issue
As of the most recent security patch releases and the Magento 2.4.7 release Adobe has enforced strict content security policy (CSP) instead of the report-only configuration from previous releases. In my case upgrading from 2.4.5-p7 to 2.4.5-p8 enforced this change, in testing I've found CSP-related errors thrown in console when proceeding to the checkout.
This is outlined by Adobe in the patch release notes that strict CSP is now enforced:
https://experienceleague.adobe.com/en/docs/commerce-operations/release/notes/security-patches/2-4-5-patches#additional-security-enhancements
Workaround
There is a workaround outlined by Sansec by turning CSP back to report-only mode however this will be non-compliant with the changes coming into effect with PCI DSS as of April next year.
https://sansec.io/guides/magento-csp#disable-strict-csp-on-checkout
Solution
Zip must be patched to be compatible with Magento when strict content security policy (CSP) is enabled.
The text was updated successfully, but these errors were encountered: