Magento 2.3.5 Content Security Policy false positive cdn fonts

Hello I am also just about to read in. If you have an own module in the app/code then you must create the following file.

app/code/modul_modul/etc/csp_whitelist.xml

Example:

<?xml version="1.0"?>
<!--
/**
 * Copyright  Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
-->
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
    <policies>
        <policy id="script-src">
            <values>
                <!--CDN-->
                <value id="cloudflare" type="host">*.cloudflare.com</value>

                <!--Google-->
                <value id="google-analytics" type="host">www.google-analytics.com</value>

                <!--Functions-->
                <value id="trustedshops" type="host">*.trustedshops.com</value>
                <value id="usercentrics" type="host">*.usercentrics.eu</value>
            </values>
        </policy>
        <policy id="style-src">
            <values>
                <!--CDN-->
                <value id="cloudflare" type="host">*.cloudflare.com</value>

                <!--Design-->
                <value id="typekit" type="host">*.typekit.net</value>

                <!--Functions-->
                <value id="trustedshops" type="host">*.trustedshops.com</value>
                <value id="usercentrics" type="host">*.usercentrics.eu</value>
            </values>
        </policy>
        <policy id="img-src">
            <values>
                <!--CDN-->
                <value id="cloudflare" type="host">*.cloudflare.com</value>
                <value id="klarna-base" type="host">https://cdn.klarna.com</value>

                <!--Payments-->
                <value id="paypal" type="host">*.paypal.com</value>

                <!--Video-->
                <value id="vimeocdn" type="host">*.vimeocdn.com</value>
                <value id="youtube-img" type="host">https://s.ytimg.com</value>

                <!--Functions-->
                <value id="usercentrics" type="host">*.usercentrics.eu</value>
            </values>
        </policy>
        <policy id="connect-src">
            <values>
                <!--CDN-->
                <value id="cloudflare" type="host">*.cloudflare.com</value>

                <!--Payments-->
                <value id="paypal" type="host">*.paypal.com</value>
            </values>
        </policy>
        <policy id="font-src">
            <values>
                <!--CDN-->
                <value id="cloudflare" type="host">*.cloudflare.com</value>

                <!--Design-->
                <value id="typekit" type="host">*.typekit.net</value>

                <!--Functions-->
                <value id="trustedshops" type="host">*.trustedshops.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

in your case

<?xml version="1.0"?>
<!--
/**
 * Copyright  Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
-->
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
    <policies>
        <policy id="script-src">
            <values>
                <value id="fontawesome" type="host">*.fontawesome.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

You can just disable Magento_Csp entirely in Magento 2.3.5 since it offers little or no value.

More info https://maxchadwick.xyz/blog/magento-2-3-5-csp-fools-errand https://maxchadwick.xyz/blog/magento-disable-csp

Magento 2.3.5 Content Security Policy false positive cdn fonts

Tags:

Upgrade

Magento2.3

Magento2.3.5

Related

Recent Posts