How to Whitelist Inline Script for CSP | Content Security Policies

Content Security Policy is an extra layer of security to reduce attacks of Cross-Site Scripting. Magento supports CSP from Magento 2.3.5 version. Magento_Csp native module has logic in Magento to manage the CSP. In Magento, if you want to whitelist any script and style then you can easily do it by creating one file csp_whitelist.xml under your custom module’s \etc directory and then you can add any script and style to that file and that script and style which will be bypassed from CSP. Click here to check the csp_whitelist.xml sample file.

Continue reading “How to Whitelist Inline Script for CSP | Content Security Policies”

Magento 2 Get Vault Payment Token from Order

If Magento 2 website has a feature to save credit cards for future use, then in reality, full credit card data is never saved to Magento database, but each payment gateway generates one token for the credit card and Magento saves that payment token.

Sometimes merchant wants to fetch that saved payment token with an order and pass that payment token to some ERP or somewhere else then you can get that payment token using order data.

Continue reading “Magento 2 Get Vault Payment Token from Order”