Configurable CSP Options

Navigate to Techdivision >> Configurable CSP

| Section | Option | Value | Default | Description |
|---|---|---|---|---|
| Configurable Content Security Policies | CSP-Mapping | Map | Null | Map of URLs or hashes to CSP types, with a comment function. |
| Configurable Content Security Policies | Collected CSP Whitelist | Map | Null | List of all CSPs that are collected and maintained in code through csp_whitelist.xml files. |

csp module config

Navigate to Stores > Configuration > Security > Content Security Policy CSP

  • Set the report URLs for the report grid

  • Report-Only specifies whether only reports are sent or whether the URL is also blocked

  • Option to set Scripts-Src, Scripts-Elem and Scripts-Attr to, for example, Strict-Dynamic.

| Section | Option | Value | Default | Description |
|---|---|---|---|---|
| Admin Default | Report Uri | Null | Null | URI to report CSP violations in admin area. Used for all admin pages that don’t have own URI configured above. |
| Storefront Default | Report Uri | Null | Null | URI to report CSP violations on storefront. Used for all storefront pages that don’t have own URI configured above. |
| Admin > Create Order | Report Uri | Null | Null | If empty, Default Report URI for admin area will be used. |
| Storefront > One Page Checkout | Report Uri | Null | Null | If empty, Default Report URI for storefront will be used. |

| Section | Option | Value | Default | Description |
|---|---|---|---|---|
| Scripts | Self | YES/NO | YES | |
| Scripts | Unsafe Inline | YES/NO | YES | |
| Scripts | Unsafe Eval | YES/NO | YES | |
| Scripts | Strict Dynamic | YES/NO | NO | Explicitly allowed scripts (via nonce or hash) are permitted to execute additional scripts. Host directives are ignored when active. |
| Scripts | Add Fallback | YES/NO | NO | Add fallback for older browsers (allow all, if strict dynamic is unsupported). |
| Scripts Elem | Self | YES/NO | YES | |
| Scripts Elem | Unsafe Inline | YES/NO | YES | |
| Scripts Elem | Unsafe Eval | YES/NO | YES | |
| Scripts Elem | Strict Dynamic | YES/NO | NO | Explicitly allowed scripts (via nonce or hash) are permitted to execute additional scripts. Host directives are ignored when active. |
| Scripts Elem | Add Fallback | YES/NO | NO | Add fallback for older browsers (allow all, if strict dynamic is unsupported). |
| Scripts Attr | Self | YES/NO | YES | |
| Scripts Attr | Unsafe Inline | YES/NO | YES | |
| Scripts Attr | Unsafe Eval | YES/NO | YES | |
| Scripts Attr | Strict Dynamic | YES/NO | NO | Explicitly allowed scripts (via nonce or hash) are permitted to execute additional scripts. Host directives are ignored when active. |
| Scripts Attr | Add Fallback | YES/NO | NO | Add fallback for older browsers (allow all, if strict dynamic is unsupported). |

csp magento config
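
The following sketch is an added example, not code from the module or from Magento: it models how the Scripts toggles in the table translate into a script-src source list, and which of those sources a browser enforces with and without strict-dynamic support. The option keys, nonce, host name and report URI are constructed; it assumes that a nonce is emitted when Strict Dynamic is on and that the "allow all" fallback is expressed as scheme sources.

```python
# Added illustration, not code from the TechDivision module or Magento.
# Option keys, host names, nonce and report URI are constructed for this example.
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def build_script_src(opts, nonce, hosts=()):
    """Turn the YES/NO toggles from the table into a script-src source list."""
    src = [kw for key, kw in (("self", "'self'"),
                              ("unsafe_inline", "'unsafe-inline'"),
                              ("unsafe_eval", "'unsafe-eval'")) if opts.get(key)]
    src += list(hosts)
    if opts.get("strict_dynamic"):
        src += [f"'nonce-{nonce}'", "'strict-dynamic'"]
        if opts.get("add_fallback"):
            # Assumption: "allow all" for older browsers is modelled as scheme sources.
            src += ["https:", "http:"]
    return src

def enforced_sources(src, supports_strict_dynamic):
    """Sources a browser actually honours for script loads."""
    if supports_strict_dynamic and "'strict-dynamic'" in src:
        # CSP3: 'self', 'unsafe-inline', host and scheme sources are ignored.
        return [s for s in src if s.startswith(HASH_OR_NONCE)
                or s in ("'strict-dynamic'", "'unsafe-eval'")]
    kept = [s for s in src if s != "'strict-dynamic'"]  # unknown keyword is dropped
    if any(s.startswith(HASH_OR_NONCE) for s in kept):
        # CSP2: the presence of a nonce or hash switches 'unsafe-inline' off.
        kept = [s for s in kept if s != "'unsafe-inline'"]
    return kept

def csp_header(opts, src):
    """Header name depends on Report-Only; the report URI is appended if configured."""
    name = "Content-Security-Policy" + ("-Report-Only" if opts.get("report_only") else "")
    value = "script-src " + " ".join(src)
    if opts.get("report_uri"):
        value += "; report-uri " + opts["report_uri"]
    return name, value

# Defaults from the table: Self, Unsafe Inline, Unsafe Eval = YES; Strict Dynamic, Add Fallback = NO.
DEFAULTS = {"self": True, "unsafe_inline": True, "unsafe_eval": True,
            "strict_dynamic": False, "add_fallback": False}
STRICT = {**DEFAULTS, "strict_dynamic": True, "add_fallback": True,
          "report_only": True, "report_uri": "/csp-report"}
```

With the table defaults every listed source stays in force, including 'unsafe-inline'. With Strict Dynamic enabled, a supporting browser reduces the list to the nonce, 'strict-dynamic' and 'unsafe-eval', while an older browser falls back to the host and scheme sources.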