Closed measureddesigns closed 4 days ago
Hi. I just pushed a fix for this, including a new version/tag 1.0.3 👍 Can you check again if it now works for you?
Thanks @renttek, now installed, but I'm having issues getting the CSP whitelist to work (category thumbnails are not showing due to inline JS being blocked). I found this error in the logs: main.CRITICAL: Type Error occurred when creating object: IntegerNet\SansecWatch\Cron\UpdatePolicies, IntegerNet\SansecWatch\Cron\UpdatePolicies::__construct(): Argument #4 ($logger) must be of type Psr\Log\LoggerInterface, Magento\Framework\Logger\Handler\Base given, called in /xxxxx/public_html/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php on line 121
There was an error for the logger configuration, which I've fixed in https://github.com/integer-net/magento2-sansec-watch/commit/f5c34c3865fa97f4b28b55ff1e6db3a7e15c0a2f
A new version 1.0.5 is tagged/released 👍 (https://packagist.org/packages/integer-net/magento2-sansec-watch#1.0.5)
Thanks, now installed. Basic question, but do I need to do anything else to get it working? The integernet_sansecwatch.log says: main.INFO: Update is disabled [] I'm also still seeing CSP Report-Only policy JS errors for things like FB pixel.
I also tried adding a Magento multi-site within sansec. It still says unnamed and 'waiting for incoming reports', although it was added a few hours ago.
Did you configure your sansec watch endpoint as Report URI in Magento? Once there are reports in sansec watch, this module only needs the UUID in the configuration and the enabled flag set in the config as well.
The module seems to be enabled OK, with the directive / host table populating. Clear FPC is set. I have a URL under Stores > Configuration > Security > CSP > Storefront Default : Report URL. I've purged cache, varnish, reindexed.
I'm still getting these CSP errors; Content-Security-Policy: (Report-Only policy) The page’s settings would block an inline script (script-src-elem) from being executed because it violates the following directive: “script-src'. https://www.anthonyformalwear.co.uk/slim-fit-navy-tail-stripes.html
It seems like there are a few inline scripts which don't have a nonce set, also I can't see any nonces in your CSP header. This is very likely a Magento problem / infrastructure problem (as this module only adds an additional CSP policy collector for values saved in the DB synced from sansec.watch)
As long as the policies synced from sansec.watch are present in the content-security-policy-report-only/content-security-policy header, this module does what it was built to do 🙂
I would close this issue for now. If you need more assistance, there is also the Magento Open Source slack (magentocommeng.slack.com)
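The check described in the comments above (are the synced hosts in the CSP header, does the header carry a nonce, and which inline scripts lack one), as an added example that is not part of the thread or of the module's code. The function names and sample data are constructed; host matching is exact string comparison, and hashes and 'unsafe-inline' are not evaluated.

```python
import re
from html.parser import HTMLParser

JS_TYPES = {"", "text/javascript", "application/javascript", "module"}

def parse_csp(header_value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first one wins
    return policy

def script_sources(policy):
    """Sources that govern <script> elements, in CSP fallback order."""
    for name in ("script-src-elem", "script-src", "default-src"):
        if name in policy:
            return policy[name]
    return []

class InlineScripts(HTMLParser):
    """Record the nonce (or None) of each executable inline <script>."""
    def __init__(self):
        super().__init__()
        self.nonces = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Data blocks such as text/x-magento-init are never executed: skip.
        if tag == "script" and "src" not in a and (a.get("type") or "").lower() in JS_TYPES:
            self.nonces.append(a.get("nonce"))

def audit(header_value, html, expected_hosts):
    sources = script_sources(parse_csp(header_value))
    nonces = {m.group(1) for s in sources if (m := re.fullmatch(r"'nonce-([^']+)'", s))}
    found = InlineScripts()
    found.feed(html)
    return {
        "header_has_nonce": bool(nonces),
        "inline_without_valid_nonce": sum(n not in nonces for n in found.nonces),
        "missing_hosts": [h for h in expected_hosts if h not in sources],
    }

# Constructed sample data, not taken from the site in the thread.
SAMPLE_HEADER = "default-src 'self'; script-src 'self' https://connect.facebook.net; report-uri https://csp.example.invalid/report"
SAMPLE_HTML = """<script src="/static/app.js"></script>
<script type="text/x-magento-init">{"*": {}}</script>
<script>window.thumbs = true;</script>"""

if __name__ == "__main__":
    print(audit(SAMPLE_HEADER, SAMPLE_HTML, ["https://connect.facebook.net"]))
```

Feed it the value of the `Content-Security-Policy` or `Content-Security-Policy-Report-Only` response header and the page body; an empty `missing_hosts` with a non-zero `inline_without_valid_nonce` matches the situation described above, where the synced hosts are present but inline scripts have no nonce.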
Hi,
I'm following the Sansec instructions to 'Set up automatic synchronization of your whitelist by installing the IntegerNet_SansecWatch module' on a Magento v2.4.7-p1 website.
However, I get a composer symfony/http-client error;
composer require integer-net/magento2-sansec-watch
Problem 1
Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions. You can also try re-running composer require with an explicit version constraint, e.g. "composer require integer-net/magento2-sansec-watch:*" to figure out if any version is installable, or "composer require integer-net/magento2-sansec-watch:^2.1" if you know which you need.
Thanks
Andrew