0

I was previously running an instance of Magento 2.3.2 where I had a custom text box attribute that contained a HTML coded description for eBay, which was pulled through to eBay via M2ePro. This description called several external stylesheets via elements. It seems on updating to Magento 2.4.7, these elements have been restricted and are no longer being pulled through to my eBay descriptions, leaving unstyled descriptions. Is there a way of adding elements to Magento's 'whitelist' as I don't really want to have to edit 2000+ descriptions.

Any help would be gratefully received. TIA.

asked Mar 24 at 9:45

1 Answer 1

2

This is because of Content Security Policy (CSP).

What you are to do as you said is to whitelist the external ressources you want to allow to your website.

To do so, you need to create a custom; there i've been adding a custom module but you can do that in any module you want

app/code/Vendor/ContentSecurityPolicy/etc/csp_whitelist.xml

In this file you will say what you allow or now

Here is a sample of what you can have in the style section

 <policy id="style-src">
 <values>
 <value id="cloudflare" type="host">*.cloudflare.com</value>
 <value id="googleapis" type="host">*.googleapis.com</value>
 <value id="twitter.com" type="host">*.twitter.com</value>
 <value id="twimg" type="host">*.twimg.com</value>
 <value id="gstatic" type="host">*.gstatic.com</value>
 <value id="typekit" type="host">*.typekit.net</value>
 <value id="trustedshops" type="host">*.trustedshops.com</value>
 <value id="usercentrics" type="host">*.usercentrics.eu</value>
 <value id="fontawesome" type="host">*.fontawesome.com</value>
 <value id="datatables" type="host">*.datatables.net</value>
 </values>
 </policy>

Obviously this works for everything in the policy, frame, media, images etc etc; depending on your needs.

answered Mar 24 at 10:11
3
  • What I need to do is stop Magento blocking <link> elements so I can use external stylesheet on my eBay description. Will this do that? Commented Mar 24 at 10:22
  • @Andy Yes it will. TO whitelist link stylesheet it's the style-src policy. You can whitelist a full domain name like in this example or you can whitelist a direct full raw url if you want only to allow a specific file. Commented Mar 24 at 10:54
  • Thanks for your help. Turns out the issue wasn't Magento related as I'd assumed. It a cloudflare glitch not allowing eBay access to my stylesheet. Commented Mar 25 at 11:12

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.