Yireo_LokiCheckoutCsp

This is an add-on package for enforcing the CSP Restrictive Mode in the checkout, including the Alpine CSP Build and removing the unsafe-inline and unsafe-eval policies. This is required to be fully compliant with PCI DSS v4.

Current status: Stable

Installation

Install this package via composer (assuming you have setup the composer.yireo.com repository correctly already):

composer require yireo/magento2-loki-checkout-csp

Next, enable this module:

bin/magento module:enable Yireo_LokiCheckoutCsp

Usage notes

Note that this module only covers CSP rules for the LokiCheckout extensions. Your theme still requires work as well to work together with the no-unsafe-inline and no-unsafe-eval policies.

Support

For getting support, create an Issue under the following project URL:

https://gitlab.yireo.com/loki-checkout/Yireo_LokiCheckoutCsp

Todo

Module

Module Setup

Intended functionality

Versions

dev-main	22 February 2025
1.0.1	22 February 2025
1.0.0	21 January 2025

Composer details

Magento module name	`Yireo_LokiCheckoutCsp`
Composer name	`yireo/magento2-loki-checkout-csp`
Composer version	1.0.1
Default branch	main
Requirements	`magento/framework: ^103.0 yireo/magento2-loki-checkout: ~0.0 yireo/magento2-csp-utilities: ^1.0`

Changelog

[1.0.1] - 22 February 2025

Change deps
Add proper README
Replace TODO.md with TODO.json

[1.0.0] - 21 January 2025

Add proper deps
Initial release

Last modified: January 26, 2025

Yireo - Loki Checkout