-
-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSP issue with inline scripts on checkout, after applying the 2.4.6-p6 patch #87
Comments
the patch for current version of this file:
|
@redo-interactive ... thank for the code, we already have all the coding done internally and will be releasing shortly after a full review since we will need to drop support for older version of Magento < 2.4.0 They seem to be a few issues and bug right here in your code You may have an issue when this getEmbeddedCode() is null
|
@srenon Oh you are right. Thank you. just updated the code. |
@srenon , could you share some details, when the new version will be available? |
After applying latest security patch from Adobe Commerce/Magento there is an issue on checkout, with inline script in
view/frontend/templates/js.phtml
There is a need to use
$secureRenderer->renderTag
to generate script with unique nonce.Magento version #:
2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9
Edition (EE, CE, OS, etc):
EE, CE, OS
Expected behavior:
js scripts won't break execution on checkout.
Actual behavior:
js scripts are breaking execution on checkout.
Steps to reproduce:
add product to the cart and go to checkout
Preconditions
M2/AC 2.4.6-p6, PHP 8.1
I have created a fix for this:
The text was updated successfully, but these errors were encountered: