Merge pull request #75 from unzerdev/csp_changes

Csp changes

Author: benjamin-lam

CHANGELOG.md

@@ -3,7 +3,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.1.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## [3.3.0](https://github.com/unzerdev/magento2/compare/3.2.2..3.3.0)
+## [3.2.4](https://github.com/unzerdev/magento2/compare/3.2.3..3.2.4)
+### Changed
+* Updated CSP Whitelist
+* Added deprecated warnings for Heidelpay / CSP
+
+## [3.2.3](https://github.com/unzerdev/magento2/compare/3.2.2..3.2.3)
 ### Added
 * ApplePay V2
 

composer.json

@@ -2,7 +2,7 @@
     "name": "unzerdev/magento2",
     "description": "This extension for Magento 2 provides a direct integration of the Unzer payment types to your Magento 2 shop via the Unzer Payment API (PAPI).",
     "type": "magento2-module",
-    "version": "3.2.2",
+    "version": "3.2.4",
     "license": "Apache-2.0",
     "require": {
         "php": "~7.4.0|~8.1.0|~8.2.0|~8.3.0",

etc/csp_whitelist.xml

@@ -1,45 +1,75 @@
 <?xml version="1.0"?>
 <csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
     <policies>
+        <!-- SCRIPT-SRC -->
         <policy id="script-src">
             <values>
                 <value id="unzer-ui-js" type="host">https://static.unzer.com</value>
                 <value id="apple-js" type="host">https://applepay.cdn-apple.com</value>
                 <value id="google-pay" type="host">https://pay.google.com</value>
                 <value id="jquery-js" type="host">https://code.jquery.com</value>
                 <value id="threatmetrix" type="host">https://h.online-metrix.net</value>
+                <value id="threatmetrix-64" type="host">https://h64.online-metrix.net</value>
             </values>
         </policy>
+
+        <!-- CONNECT-SRC -->
         <policy id="connect-src">
             <values>
-                <value id="unzer-payment-1" type="host">https://payment.unzer.com</value>
-                <value id="unzer-payment-2" type="host">https://payment.heidelpay.com</value>
-                <value id="unzer-payment-3" type="host">https://sbx-payment.heidelpay.com</value>
+                <!-- Unzer Payment APIs -->
                 <value id="unzer-api-1" type="host">https://api.unzer.com</value>
-                <value id="unzer-api-2" type="host">https://api.heidelpay.com</value>
-                <value id="unzer-api-3" type="host">https://sbx-api.heidelpay.com</value>
+                <value id="unzer-api-heidelpay-deprecated" type="host">https://api.heidelpay.com</value>
+                <value id="unzer-api-sbx-heidelpay-deprecated" type="host">https://sbx-api.heidelpay.com</value>
+                <value id="unzer-api-4" type="host">https://sbx-api.unzer.com</value>
+                
+                <!-- Payment Frames -->
+                <value id="unzer-payment-1" type="host">https://payment.unzer.com</value>
+                <value id="unzer-payment-heidelpay-deprecated" type="host">https://payment.heidelpay.com</value>
+                <value id="unzer-payment-sbx-heidelpay-deprecated" type="host">https://sbx-payment.heidelpay.com</value>
+                <value id="unzer-payment-4" type="host">https://sbx-payment.unzer.com</value>
+
+                <!-- ThreatMetrix -->
                 <value id="threatmetrix" type="host">https://h.online-metrix.net</value>
+                <value id="threatmetrix-64" type="host">https://h64.online-metrix.net</value>
+
+                <!-- Google Pay -->
                 <value id="google-pay-1" type="host">https://google.com/pay</value>
                 <value id="google-pay-2" type="host">https://www.google.com/pay</value>
                 <value id="google-pay-3" type="host">https://pay.google.com</value>
+                <value id="hpcgw" type="host">https://test-heidelpay.hpcgw.net/</value>
+                <value id="sbx" type="host">https://sbx-api.heidelpay.com/</value>
             </values>
         </policy>
+
+        <!-- FRAME-SRC -->
         <policy id="frame-src">
             <values>
-                <value id="unzer-frame-1" type="host">https://payment.unzer.com/</value>
-                <value id="unzer-frame-2" type="host">https://payment.heidelpay.com/</value>
-                <value id="unzer-frame-3" type="host">https://sbx-payment.heidelpay.com/</value>
+                <!-- Payment Frames -->
+                <value id="unzer-frame-1" type="host">https://payment.unzer.com</value>
+                <value id="unzer-frame-heidelpay-deprecated" type="host">https://payment.heidelpay.com</value>
+                <value id="unzer-frame-sbx-heidelpay-deprecated" type="host">https://sbx-payment.heidelpay.com</value>
+                <value id="unzer-frame-4" type="host">https://sbx-payment.unzer.com</value>
+
+                <!-- ThreatMetrix -->
                 <value id="threatmetrix" type="host">https://h.online-metrix.net</value>
+
+                <!-- Google Pay -->
                 <value id="google-pay-1" type="host">https://google.com/pay</value>
                 <value id="google-pay-2" type="host">https://pay.google.com/</value>
+                <value id="hpcgw" type="host">https://test-heidelpay.hpcgw.net/</value>
+                <value id="sbx" type="host">https://sbx-api.heidelpay.com/</value>
             </values>
         </policy>
+
+        <!-- FONT-SRC -->
         <policy id="font-src">
             <values>
                 <value id="unzer-fonts-src" type="host">https://static.unzer.com</value>
                 <value id="apple-font-src" type="host">https://applepay.cdn-apple.com</value>
             </values>
         </policy>
+
+        <!-- IMG-SRC -->
         <policy id="img-src">
             <values>
                 <value id="unzer-img-src" type="host">https://static.unzer.com</value>
@@ -48,4 +78,4 @@
             </values>
         </policy>
     </policies>
-</csp_whitelist>
+</csp_whitelist>

etc/module.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="Unzer_PAPI" setup_version="3.2.3">
+    <module name="Unzer_PAPI" setup_version="3.2.4">
         <sequence>
             <module name="Magento_Checkout"/>
             <module name="Magento_Config" />