Cspwhitelist
Initial Project Name: GDX OT
Submitted by PM: Jaimin P./Paras Sakariya
# CSP Whitelist Module for Magento 2 by Krish
This module lets you add custom domains or hashes to Magento's Content Security Policy (CSP) without creating a csp_whitelist.xml file.
# Installation via Composer
- `composer require krish/module-csp-whitelist`
- `bin/magento module:enable Krish_CspWhitelist`
- `bin/magento setup:upgrade`
# Features
- This module allows you to add external domains or hashes in the Admin panel configuration.
- Set up CSP settings easily with a clear, user-friendly interface that makes the process straightforward.
- It supports hash-based CSP whitelisting.
# How to Use
You can add the domain or hash directly from the admin panel configuration:
- Go to the admin panel: `Krish -> Content Security Policy(CSP) -> Configuration`
- Make sure the module is enabled
- Add a new row, select the policy IDs, enter the domain/hash, and select the correct policy type.
- Save the configuration
# Example
If you get an error like the one below in the browser console:
`Refused to load the script 'http://code.jquery.com/jquery-migrate-1.2.1.min.js' because it violates the following Content Security Policy directive: "script-src ..."`
Then the configuration values will be:
- Policy Name: "script-src"
- Url/Hash: "code.jquery.com" or "*.code.jquery.com"
- Policy Type: "URL"
If you get an error like the one below in the browser console:
`Refused to execute inline script because it violates the following Content Security Policy directive: "script-src ..." Either the 'unsafe-inline' keyword, a hash ('sha256-JJJqa94vi0BHRguvWMQv/rPCpdN7be1G2Buw65jHV0U='), or a nonce ('nonce-...') is required to enable inline execution.`
Then the configuration values will be:
- Policy Name: "script-src"
- Url/Hash: "JJJqa94vi0BHRguvWMQv/rPCpdN7be1G2Buw65jHV0U="
- Policy Type: "Hash"
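The mapping from the two console errors above to configuration rows can be automated. The following Node.js sketch is an added example, not part of the module; the function names `cspHash` and `rowFromViolation` and the object keys are hypothetical. It also recomputes an inline script's hash so the value printed by the browser can be checked before it is whitelisted.

```javascript
// Added example (not the module's code). Rows mirror the README fields:
// Policy Name, Url/Hash, Policy Type.
const crypto = require('crypto');

// CSP source hash of an inline script: base64(SHA-256(exact script text)).
// Any whitespace change alters the digest, so hash the bytes the browser receives.
function cspHash(inlineScript) {
  return crypto.createHash('sha256').update(inlineScript, 'utf8').digest('base64');
}

// Turn a Chrome-style CSP console error into one configuration row, or null.
function rowFromViolation(message) {
  const directive = /directive: "([a-z-]+)/.exec(message);
  if (!directive) return null;
  const policyName = directive[1];

  // Inline violation: the browser prints the hash it computed; the README
  // enters it without the 'sha256-' prefix.
  const hash = /'sha256-([A-Za-z0-9+\/]{43}=)'/.exec(message);
  if (hash) return { policyName, urlOrHash: hash[1], policyType: 'Hash' };

  // Blocked resource: keep only the exact host, not the path or a wildcard.
  const blocked = /Refused to [^']*'(https?:\/\/[^']+)'/.exec(message);
  if (!blocked) return null;
  let host;
  try { host = new URL(blocked[1]).host; } catch { return null; }
  return { policyName, urlOrHash: host, policyType: 'URL' };
}

// The two console messages quoted in the README above.
const SAMPLES = [
  "Refused to load the script 'http://code.jquery.com/jquery-migrate-1.2.1.min.js' " +
    'because it violates the following Content Security Policy directive: "script-src ..."',
  'Refused to execute inline script because it violates the following Content ' +
    'Security Policy directive: "script-src ..." Either the \'unsafe-inline\' keyword, ' +
    "a hash ('sha256-JJJqa94vi0BHRguvWMQv/rPCpdN7be1G2Buw65jHV0U='), or a nonce " +
    "('nonce-...') is required to enable inline execution.",
];

for (const msg of SAMPLES) console.log(rowFromViolation(msg));

// Constructed inline script: confirm the hash yourself before whitelisting it.
console.log(cspHash("console.log('constructed sample');"));
```

Review the inline script behind a reported hash before adding it: a hash whitelists that exact script text wherever it appears on the site.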
# Supported Policies
- base-uri
- child-src
- connect-src
- default-src
- font-src
- form-action
- frame-ancestors
- frame-src
- img-src
- manifest-src
- media-src
- object-src
- script-src
- style-src
| Source Project of the Repository | GDX OT |
|---|---|
| Magento Version Compatibility | Magento 2.4.7, Magento 2.4.6, Magento 2.3.x |
| Platform Compatibility | Open Source, Adobe Commerce, Adobe Commerce Cloud |
| Usability | User Experience, Performance Optimization |