You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Maybe other scripts are also affected, I haven't checked everything.
More details
Explanation (quoted from Adobe documentation):
In Adobe Commerce and Magento Open Source version 2.4.7 and later, CSP is configured in restrict-mode by default for payment pages in the storefront and admin areas, and in report-only mode for all other pages. The corresponding CSP header does not contain the unsafe-inline keyword inside the script-src directive for payment pages. Also, only whitelisted inline scripts are allowed.
Preconditions
Magento Version : CE 2.4.7
ElasticSuite Version : 2.11.6.1
Environment : Developer
Third party modules : many
Steps to reproduce
Expected result
Actual result
One comes from this script: https://github.com/Smile-SA/elasticsuite/blob/2.11.6.1/src/module-elasticsuite-tracker/view/frontend/templates/config.phtml
The other from this script: https://github.com/Smile-SA/elasticsuite/blob/2.11.6.1/src/module-elasticsuite-tracker/view/frontend/templates/variables/page.phtml
Maybe other scripts are also affected, I haven't checked everything.
More details
Explanation (quoted from Adobe documentation):
Adobe recommends to fix this using the
SecureHtmlRenderer
View Helper so anonce
is set to thescript
tag: https://developer.adobe.com/commerce/php/development/security/content-security-policies/#whitelist-an-inline-script-or-styleThe text was updated successfully, but these errors were encountered: