Merge pull request #45 from stape-io/feature/remove-unnecessary-csp

chaikovskyia · web-flow · commit daeca843555c · 2025-07-08T23:30:47.000+03:00
Removed unnecessary CSP rules
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+v1.0.26
+- removed unneeded CSP rules
+
 v1.0.24
 - added caching of cookie domain when generating _sbp cookie
 - Fixed issue with the overridden price formatter pattern
diff --git a/Plugin/CspObserverPlugin.php b/Plugin/CspObserverPlugin.php
@@ -51,30 +51,21 @@ public function __construct(
      */
     public function beforeExecute(ObserverInterface $subject, $observer)
     {
-        // phpcs:disable
-        $customDomain = parse_url($this->configProvider->getCustomDomain() ?? '', PHP_URL_HOST);
-        // phpcs:enable
-
+        $customDomain = $this->configProvider->getCustomDomain();
         if (!$this->configProvider->isActive() || empty($customDomain)) {
             return [$observer];
         }
 
         $scriptPolicy = $this->fetchPolicyFactory->create([
             'id' => 'script-src',
             'hostSources' => [$customDomain],
-            'schemeSources' => ['https'],
             'noneAllowed' => false,
-            'selfAllowed' => true,
-            'inlineAllowed' => true
         ]);
 
         $connectPolicy = $this->fetchPolicyFactory->create([
             'id' => 'connect-src',
             'hostSources' => [$customDomain],
-            'schemeSources' => ['https'],
             'noneAllowed' => false,
-            'selfAllowed' => true,
-            'inlineAllowed' => true
         ]);
 
         $this->dynamicCollector->add($scriptPolicy);
diff --git a/composer.json b/composer.json
@@ -5,7 +5,7 @@
     "license": [
         "GPL-3.0-only"
     ],
-    "version": "1.0.25",
+    "version": "1.0.26",
     "require": {
         "php": ">=7.4.0",
         "jeremykendall/php-domain-parser": "^6.0"
diff --git a/etc/module.xml b/etc/module.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
-    <module name="Stape_Gtm" schema_version="1.0.25" setup_version="1.0.25">
+    <module name="Stape_Gtm" schema_version="1.0.26" setup_version="1.0.26">
         <sequence>
             <module name="Magento_Backend" />
             <module name="Magento_Catalog" />
