
Commit 02dc172

Merge pull request #5410 from magento-borg/MC-19929-23dev
[CIA] MC-19929: Create csp_whitelist.xml files
2 parents ddcfe67 + a9aeb9b commit 02dc172


14 files changed

+567
-63
lines changed

Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
9+
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
10+
<policies>
11+
<policy id="script-src">
12+
<values>
13+
<value id="adobedtm" type="host">assets.adobedtm.com</value>
14+
</values>
15+
</policy>
16+
</policies>
17+
</csp_whitelist>
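Review bot: The `type="host"` entry for `assets.adobedtm.com` under `script-src` trusts every script path served from that host, and the host looks like a shared tag-manager CDN rather than one dedicated to this store. A comment above the value naming the feature that needs it, e.g. `<!-- Adobe DTM container loader; shared host, review before enforcing the policy -->`, would let merchants who do not use the integration remove the entry. If the whitelist schema accepts a path in a host value, narrowing the entry to the container path would be tighter; that cannot be confirmed from this page.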
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
9+
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
10+
<policies>
11+
<policy id="img-src">
12+
<values>
13+
<value id="commerce_widgets" type="host">widgets.magentocommerce.com</value>
14+
</values>
15+
</policy>
16+
</policies>
17+
</csp_whitelist>
18+
Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
9+
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
10+
<policies>
11+
<policy id="script-src">
12+
<values>
13+
<value id="authorize_net_direct" type="host">secure.authorize.net</value>
14+
<value id="authorize_net_direct_test" type="host">test.authorize.net</value>
15+
</values>
16+
</policy>
17+
<policy id="frame-src">
18+
<values>
19+
<value id="authorize_net_direct" type="host">secure.authorize.net</value>
20+
<value id="authorize_net_direct_test" type="host">test.authorize.net</value>
21+
</values>
22+
</policy>
23+
<policy id="form-action">
24+
<values>
25+
<value id="authorize_net_direct" type="host">secure.authorize.net</value>
26+
<value id="authorize_net_direct_test" type="host">test.authorize.net</value>
27+
</values>
28+
</policy>
29+
</policies>
30+
</csp_whitelist>
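Review bot: `test.authorize.net` is whitelisted in `script-src`, `frame-src` and `form-action` alongside the production host, so a live store would also permit script loads, framing and form posts to the sandbox endpoint. Nothing visible here ties the entry to the payment method's test-mode setting; if the whitelist format cannot be conditional, a comment such as `<!-- sandbox endpoint; only needed while the payment method is in test mode -->` above each test value would tell merchants which entries to drop. The same applies to `jstest.authorize.net` in the section that adds `js.authorize.net`, and to the `*stag.cardinalcommerce.com` and `includestest.ccdc02.com` entries in the Cardinal Commerce section.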
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
9+
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
10+
<policies>
11+
<policy id="script-src">
12+
<values>
13+
<value id="authorize_net_js" type="host">js.authorize.net</value>
14+
<value id="authorize_net_jstest" type="host">jstest.authorize.net</value>
15+
</values>
16+
</policy>
17+
</policies>
18+
</csp_whitelist>
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
9+
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
10+
<policies>
11+
<policy id="script-src">
12+
<values>
13+
<value id="paypal_objects" type="host">www.paypalobjects.com</value>
14+
<value id="braintree_js_gateway" type="host">js.braintreegateway.com</value>
15+
<value id="paypal_tag_gateway" type="host">www.paypal.com</value>
16+
</values>
17+
</policy>
18+
<policy id="img-src">
19+
<values>
20+
<value id="paypal_objects" type="host">www.paypalobjects.com</value>
21+
<value id="paypal_analytics" type="host">t.paypal.com</value>
22+
</values>
23+
</policy>
24+
</policies>
25+
</csp_whitelist>
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
9+
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
10+
<policies>
11+
<policy id="script-src">
12+
<values>
13+
<value id="cardinal_commerce_geo_stag" type="host">geostag.cardinalcommerce.com</value>
14+
<value id="cardinal_commerce_1eaf_stag" type="host">1eafstag.cardinalcommerce.com</value>
15+
<value id="cardinal_commerce_geo" type="host">geoapi.cardinalcommerce.com</value>
16+
<value id="cardinal_commerce_1eaf" type="host">1eafapi.cardinalcommerce.com</value>
17+
<value id="cardinal_commerce_songbird" type="host">songbird.cardinalcommerce.com</value>
18+
<value id="cardinal_commerce_test" type="host">includestest.ccdc02.com</value>
19+
</values>
20+
</policy>
21+
<policy id="connect-src">
22+
<values>
23+
<value id="cardinal_commerce_geo_stag" type="host">geostag.cardinalcommerce.com</value>
24+
<value id="cardinal_commerce_geo" type="host">geo.cardinalcommerce.com</value>
25+
<value id="cardinal_commerce_1eaf_stag" type="host">1eafstag.cardinalcommerce.com</value>
26+
<value id="cardinal_commerce_1eaf" type="host">1eaf.cardinalcommerce.com</value>
27+
<value id="cardinal_commerce_cent_stag" type="host">centinelapistag.cardinalcommerce.com</value>
28+
<value id="cardinal_commerce_cent" type="host">centinelapi.cardinalcommerce.com</value>
29+
</values>
30+
</policy>
31+
<policy id="frame-src">
32+
<values>
33+
<value id="cardinal_commerce_geo_stag" type="host">geostag.cardinalcommerce.com</value>
34+
<value id="cardinal_commerce_geo" type="host">geo.cardinalcommerce.com</value>
35+
<value id="cardinal_commerce_1eaf_stag" type="host">1eafstag.cardinalcommerce.com</value>
36+
<value id="cardinal_commerce_1eaf" type="host">1eaf.cardinalcommerce.com</value>
37+
<value id="cardinal_commerce_cent_stag" type="host">centinelapistag.cardinalcommerce.com</value>
38+
<value id="cardinal_commerce_cent" type="host">centinelapi.cardinalcommerce.com</value>
39+
</values>
40+
</policy>
41+
<policy id="form-action">
42+
<values>
43+
<value id="cardinal_commerce_geo_stag" type="host">geostag.cardinalcommerce.com</value>
44+
<value id="cardinal_commerce_geo" type="host">geo.cardinalcommerce.com</value>
45+
<value id="cardinal_commerce_1eaf_stag" type="host">1eafstag.cardinalcommerce.com</value>
46+
<value id="cardinal_commerce_1eaf" type="host">1eaf.cardinalcommerce.com</value>
47+
<value id="cardinal_commerce_cent_stag" type="host">centinelapistag.cardinalcommerce.com</value>
48+
<value id="cardinal_commerce_cent" type="host">centinelapi.cardinalcommerce.com</value>
49+
</values>
50+
</policy>
51+
</policies>
52+
</csp_whitelist>
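Review bot: The ids `cardinal_commerce_geo` and `cardinal_commerce_1eaf` resolve to `geoapi.cardinalcommerce.com` and `1eafapi.cardinalcommerce.com` under `script-src`, but to `geo.cardinalcommerce.com` and `1eaf.cardinalcommerce.com` under `connect-src`, `frame-src` and `form-action`. If both host forms are required they should carry distinct ids; if one is a typo, the enforced policy will either block a needed request or allow a host nobody uses, so this should be checked against the integration's documented endpoints. `script-src` also omits the `centinelapi` hosts that the other three policies list, which may be intentional but deserves a short comment.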

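--- a/app/code/Magento/Csp/etc/config.xml
+++ b/app/code/Magento/Csp/etc/config.xml
@@ -16,6 +16,208 @@
 <report_only>1</report_only>
 </admin>
 </mode>
+<policies>
+<storefront>
+<base>
+<policy_id>base-uri</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</base>
+<default>
+<policy_id>default-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>1</eval>
+<dynamic>0</dynamic>
+</default>
+<children>
+<policy_id>child-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</children>
+<connections>
+<policy_id>connect-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</connections>
+<manifests>
+<policy_id>manifest-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</manifests>
+<media>
+<policy_id>media-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</media>
+<objects>
+<policy_id>object-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</objects>
+<styles>
+<policy_id>style-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</styles>
+<scripts>
+<policy_id>script-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>1</eval>
+<dynamic>0</dynamic>
+</scripts>
+<images>
+<policy_id>img-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</images>
+<frames>
+<policy_id>frame-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</frames>
+<frame-ancestors>
+<policy_id>frame-ancestors</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</frame-ancestors>
+<forms>
+<policy_id>form-action</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</forms>
+<fonts>
+<policy_id>font-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</fonts>
+</storefront>
+<admin>
+<base>
+<policy_id>base-uri</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</base>
+<default>
+<policy_id>default-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>1</eval>
+<dynamic>0</dynamic>
+</default>
+<children>
+<policy_id>child-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</children>
+<connections>
+<policy_id>connect-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</connections>
+<manifests>
+<policy_id>manifest-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</manifests>
+<media>
+<policy_id>media-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</media>
+<objects>
+<policy_id>object-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</objects>
+<styles>
+<policy_id>style-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</styles>
+<scripts>
+<policy_id>script-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>1</eval>
+<dynamic>0</dynamic>
+</scripts>
+<images>
+<policy_id>img-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</images>
+<frames>
+<policy_id>frame-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</frames>
+<frame-ancestors>
+<policy_id>frame-ancestors</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</frame-ancestors>
+<forms>
+<policy_id>form-action</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</forms>
+<fonts>
+<policy_id>font-src</policy_id>
+<self>1</self>
+<inline>1</inline>
+<eval>0</eval>
+<dynamic>0</dynamic>
+</fonts>
+</admin>
+</policies>
 </csp>
 </default>
 </config>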
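Review bot: The `scripts` blocks for both `storefront` and `admin` ship with `<inline>1</inline>` and `<eval>1</eval>`, and `default` also sets `<eval>1</eval>`; assuming these flags render as 'unsafe-inline' and 'unsafe-eval', the policy will not stop injected inline script even once report-only mode (visible for admin in the context lines) is switched off. `inline` is also set to 1 on directives such as `base-uri`, `frame-ancestors` and `form-action`, where it probably has no effect and only obscures which settings matter. If these are meant as transitional defaults, say so with a comment above `<policies>`, e.g. `<!-- Permissive defaults for report-only rollout: tighten inline/eval on script-src before enforcing -->`, and use `<inline>0</inline>` where the keyword does not apply. The enclosing `<csp>` element starts outside the hunk.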
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
9+
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
10+
<policies>
11+
<policy id="script-src">
12+
<values>
13+
<value id="google_ad_services" type="host">www.googleadservices.com</value>
14+
<value id="google_analytics" type="host">www.google-analytics.com</value>
15+
</values>
16+
</policy>
17+
<policy id="img-src">
18+
<values>
19+
<value id="google_ad_services" type="host">www.googleadservices.com</value>
20+
<value id="google_analytics" type="host">www.google-analytics.com</value>
21+
</values>
22+
</policy>
23+
</policies>
24+
</csp_whitelist>
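Review bot: `www.google-analytics.com` is whitelisted for `script-src` and `img-src` only; there is no `connect-src` entry. analytics.js can send hits by XHR or `navigator.sendBeacon` as well as by image request, depending on payload size and transport settings, and those requests are governed by `connect-src`, which the default configuration in this commit limits to self. Once the policy is enforced such hits would likely be blocked, so a `connect-src` policy for the analytics host should be added alongside the two existing ones.

```xml
<!-- … unchanged: script-src and img-src policies … -->
<policy id="connect-src">
    <values>
        <value id="google_analytics" type="host">www.google-analytics.com</value>
    </values>
</policy>
```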
