Merge pull request #709 from Nosto/hotfix/5.0.6

Add CSP whitelist for nosto domains
Nosto · Sep 28, 2020 · 5a6fd6c · 5a6fd6c
2 parents af8bfb3 + af3b789
commit 5a6fd6c
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
 
+# 5.0.6
+* Add Content Security Policy (CSP) whitelist 
+
 # 5.0.5
 * Fix an issue where if deleted user with ID 1, the indexer will throw foreign keys constraints errors
 

diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
   "name": "nosto/module-nostotagging",
   "description": "Increase your conversion rate and average order value by delivering your customers personalized product recommendations throughout their shopping journey.",
   "type": "magento2-module",
-  "version": "5.0.5",
+  "version": "5.0.6 ",
   "require-dev": {
     "php": ">=7.1.0",
     "phpmd/phpmd": "^2.5",

diff --git a/etc/csp_whitelist.xml b/etc/csp_whitelist.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0"?>
+<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
+    <policies>
+        <policy id="script-src">
+            <values>
+                <value id="nosto" type="host">*.nosto.com</value>
+                <value id="nosto_dev" type="host">*.nos.to</value>
+            </values>
+        </policy>
+        <policy id="connect-src">
+            <values>
+                <value id="nosto" type="host">*.nosto.com</value>
+                <value id="nosto_dev" type="host">*.nos.to</value>
+            </values>
+        </policy>
+        <policy id="frame-src">
+            <values>
+                <value id="nosto" type="host">*.nosto.com</value>
+                <value id="nosto_dev" type="host">*.nos.to</value>
+            </values>
+        </policy>
+        <policy id="form-action">
+            <values>
+                <value id="nosto" type="host">*.nosto.com</value>
+                <value id="nosto_dev" type="host">*.nos.to</value>
+            </values>
+        </policy>
+        <policy id="img-src">
+            <values>
+                <value id="nosto" type="host">*.nosto.com</value>
+                <value id="nosto_dev" type="host">*.nos.to</value>
+            </values>
+        </policy>
+        <policy id="style-src">
+            <values>
+                <value id="nosto" type="host">*.nosto.com</value>
+                <value id="nosto_dev" type="host">*.nos.to</value>
+            </values>
+        </policy>
+    </policies>
+</csp_whitelist>
diff --git a/etc/module.xml b/etc/module.xml
@@ -37,5 +37,5 @@
 <!--suppress XmlUnboundNsPrefix -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="Nosto_Tagging" setup_version="5.0.5"/>
+    <module name="Nosto_Tagging" setup_version="5.0.6"/>
 </config>