LokiCheckout_Csp

Core

This is an add-on package for enforcing the CSP Restrictive Mode in the checkout, including the Alpine CSP Build and removing the unsafe-inline and unsafe-eval policies. This is required to be fully compliant with PCI DSS v4.

Installation

Install this package via composer (assuming you have setup the composer.yireo.com repository correctly already):

composer require loki-checkout/magento2-csp

Next, enable this module:

bin/magento module:enable LokiCheckout_Csp

Usage notes

Note that this module only covers CSP rules for the LokiCheckout extensions. Your theme still requires work as well to work together with the no-unsafe-inline and no-unsafe-eval policies.

Support

For getting support, create an Issue under the following project URL:

https://gitlab.yireo.com/loki-checkout/LokiCheckout_Csp

Module Dependencies

The following dependencies are declared in the module its `etc/module.xml` file:

Magento_Store LokiCheckout_Core Yireo_CspUtilities
Composer details
Magento module name
LokiCheckout_Csp
Composer name
loki-checkout/magento2-csp
Composer version
2.0.5
Default branch
main
Requirements
magento/framework: ^103.0
loki-checkout/magento2-core: ^2.0
yireo/magento2-csp-utilities: ^1.0
Releases
dev-main 28 August 2025
2.0.5 28 August 2025
2.0.4 26 August 2025
2.0.3 21 August 2025
2.0.2 19 August 2025
2.0.1 07 August 2025
2.0.0 22 July 2025
Changelog

[2.0.5] - 28 August 2025

Fixed

  • Add CI files
  • Replace yireo/opensearch with yireo/opensearch-dummy in Gitlab CI

[2.0.4] - 26 August 2025

Fixed

  • Rename Alpine CSP template
  • Load Alpine Mask under Luma properly
  • Add GitLab CI files

[2.0.3] - 21 August 2025

Fixed

  • Add defer back to Alpine CSP loadig
  • Fix newlines after comments
  • Add escaping of template code
  • Remove defer from Alpine to load things faster

[2.0.2] - 19 August 2025

Fixed

  • Lower requirements to PHP 8.1

[2.0.1] - 07 August 2025

Fixed

  • Lower PHP requirement to PHP 8.2+

[2.0.0] - 22 July 2025

Fixed

  • Bump LokiCheckout_Core to 2.0.0
  • Rename PHP namespace from Yireo_Loki* to Loki*
  • Rename composer package from yireo/magento2-loki* to loki/magento2*

[1.0.5] - 08 July 2025

Fixed

  • Generate new MODULE.json with simple test count
  • Allow PHP 8.4 in CI

[1.0.4] - 28 April 2025

Fixed

  • Properly add CSP to Luma-themes

[1.0.3] - 25 April 2025

Fixed

  • Allow upgrading to LokiFieldComponents and LokiCheckout 1.0
  • Update Alpine CSP built

[1.0.2] - 08 April 2025

Fixed

  • Housekeeping

[1.0.1] - 22 February 2025

  • Change deps
  • Add proper README
  • Replace TODO.md with TODO.json

[1.0.0] - 21 January 2025

  • Add proper deps
  • Initial release

Last modified: July 22, 2025