With the most recent Magento release, CSP (Content Security Policy) became a lot more serious. However, instead of bluntly enabling it or bluntly disabling it, it makes more sense to see where it is needed and where it is not. On August 30th, we are organizing a free webinar to discuss things.
CSP and PCI compliance
There are a lot of sides to the CSP story that we feel are currently overlooked. For instance, CSP is required for PCI compliance. More precisely, next year, PCI 4 is activated, which requires inline scripts to be protected by using CSP. This is actually what the Magento 2.4.7 release was about.
CSP and backend security
Another thing that is often overlooked is the fact that CSP simply protects you against evil third-party scripts. And with CSP, the chances of getting hacked via XSS attacks in the Magento Admin Panel decrease as well. This might very well be a huge issue that is not properly discussed yet.
More questions
There are many other questions as well: Does your payment provider require PCI compliance in your shop? What about third-party scripts added via Google Tag Manager or the like? Are third-party Magento extensions supporting CSP already or not? How to fix this? What about Hyvä? How about utilizing the browser to effectively generate Magento CSP rules? How to monitor CSP warnings?
A webinar: August 30th, 15:00 CEST
This is why we are organizing a free webinar to inform you about all aspects of CSP. Join us on Friday, August 30th 2024 from 15:00 to 16:00 CEST. There are going to be some presentations, but we'll also dive into your questions if you have any.
About the author
Jisse Reitsma is the founder of Yireo, extension developer, developer trainer and 3x Magento Master. His passion is for technology and open source. And he loves talking as well.