Yireo_LokiCheckoutCsp

Core

Latest Release 1.0.4

This is an add-on package for enforcing the CSP Restrictive Mode in the checkout, including the Alpine CSP Build and removing the unsafe-inline and unsafe-eval policies. This is required to be fully compliant with PCI DSS v4.

Installation

Install this package via composer (assuming you have setup the composer.yireo.com repository correctly already):

composer require yireo/magento2-loki-checkout-csp

Next, enable this module:

bin/magento module:enable Yireo_LokiCheckoutCsp

Usage notes

Note that this module only covers CSP rules for the LokiCheckout extensions. Your theme still requires work as well to work together with the no-unsafe-inline and no-unsafe-eval policies.

Support

For getting support, create an Issue under the following project URL:

https://gitlab.yireo.com/loki-checkout/Yireo_LokiCheckoutCsp

Module Dependencies

The following dependencies are declared in the module its `etc/module.xml` file:

Magento_Store Yireo_LokiCheckout Yireo_CspUtilities

Composer details

Magento module name

Yireo_LokiCheckoutCsp

Composer name

yireo/magento2-loki-checkout-csp

Composer version

1.0.4

Default branch

main

Requirements


                                    magento/framework: ^103.0

                                    yireo/magento2-loki-checkout: ~0.0 | ^1.0

                                    yireo/magento2-csp-utilities: ^1.0

Releases

dev-main	30 April 2025
1.0.4	28 April 2025
1.0.3	25 April 2025
1.0.2	08 April 2025
1.0.1	22 February 2025
1.0.0	21 January 2025

Changelog

[1.0.4] - 28 April 2025

Fixed

Properly add CSP to Luma-themes

[1.0.3] - 25 April 2025

Fixed

Allow upgrading to LokiFieldComponents and LokiCheckout 1.0
Update Alpine CSP built

[1.0.2] - 08 April 2025

Fixed

Housekeeping

[1.0.1] - 22 February 2025

Change deps
Add proper README
Replace TODO.md with TODO.json

[1.0.0] - 21 January 2025

Add proper deps
Initial release

Last modified: April 30, 2025

Loki Checkout 1.0