Open nige-one opened 3 weeks ago
Since Magento 2.4.7 and 2.4.6-p1 strict CSP ruling is enabled in the Magento checkout (and adminhtml) area. This the module uses several inline <script> tags in its templates this needs to be adressed by making use of Magento CSP tooling functions.
<script>
Currently I'm experiencing a CSP violation for https://github.com/PAYONE-GmbH/magento-2/blob/f9b9922cd65fdabe73cf6d85214182574568c76f/view/frontend/templates/redirect_return.phtml. In my case it even renders empty since
https://github.com/PAYONE-GmbH/magento-2/blob/f9b9922cd65fdabe73cf6d85214182574568c76f/view/frontend/templates/redirect_return.phtml#L28
isn't always true. I guess it would be better to encapsulate the whole <script> stuff inside the if-block.
if
Thank you for your message.
I will forward your comments to our developers, who will implement this change if necessary.
Since Magento 2.4.7 and 2.4.6-p1 strict CSP ruling is enabled in the Magento checkout (and adminhtml) area. This the module uses several inline
<script>
tags in its templates this needs to be adressed by making use of Magento CSP tooling functions.Currently I'm experiencing a CSP violation for https://github.com/PAYONE-GmbH/magento-2/blob/f9b9922cd65fdabe73cf6d85214182574568c76f/view/frontend/templates/redirect_return.phtml. In my case it even renders empty since
https://github.com/PAYONE-GmbH/magento-2/blob/f9b9922cd65fdabe73cf6d85214182574568c76f/view/frontend/templates/redirect_return.phtml#L28
isn't always true. I guess it would be better to encapsulate the whole
<script>
stuff inside theif
-block.