Blog

The Content-Security-Policy directive ‘frame-ancestors’ does not support the source expression ”unsafe-inline” for allowed site

Lets talk about “The Content-Security-Policy directive ‘frame-ancestors’ does not support the source expression ”unsafe-inline” for allowed site”.

This is known issue in 2.4.3 release Magento doc. https://devdocs.magento.com/guides/v2.4/release-notes/open-source-2-4-3.html#known-issues.

So, for being time, we can fix this issue temporarily.

The solution is to creating own custom module to extending the Magento_Csp module.

Step 1: Declaration of Module

It is necessary to create etc folder and add the module.xml file in it

  app/code/Thecoachsmb/CustomCSP/etc/module.xml

Contents would be:

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
<module name="Thecoachsmb_CustomCSP" > 
     <sequence> 
         <module name="Magento_Csp"/> 
     </sequence>
 </module> 
</config>

Step 2: Registration of Module

To register the module, create a registration.php file in the app/code/Thecoachsmb/CustomCSP/registration.php

Contents would be:

<?php
\Magento\Framework\Component\ComponentRegistrar::register(
	\Magento\Framework\Component\ComponentRegistrar::MODULE,
	'Thecoachsmb_CustomCSP',
	__DIR__
);

Step 3: Configuration of Module

In the app/code/Thecoachsmb/CustomCSP/etc/config.xml file we want to modify the frame-ancestor policy and set it to 0.

<?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
<default>
    <csp>
        <policies>
            <storefront>
                <frame-ancestors>
                    <inline>0</inline>
                </frame-ancestors>
            </storefront>
            <admin>
                <frame-ancestors>
                    <inline>0</inline>
                </frame-ancestors>
            </admin>
        </policies>
    </csp>
</default>
</config>

Then run:

php bin/magento s:up && php bin/magento se:s:d -f && php bin/magento c:f

That’s it.

We would love to hear from you. Do comment below giving your feedback.

Leave a Reply

Your email address will not be published. Required fields are marked *