My local dev site (Magento 2.4.6-p2) is running on a non-standard https port – 8443, so the url is https://dev.mysite.com:8443. When I try to load the site’s logo in the design config page I am getting the CSP error:
Refused to load the image 'blob:https://dev.mysite.com:8443/763a918d-8c49-4075-81c9-eef85867cf18'
I’ve tried everything I could think of, but I am unable to fix it. The database is updated, but the image doesn’t upload to the site, and the frontend throws a 404 when it tries to load the logo in the header.
I am pretty sure it’s the 8443 port that’s the problem.
Any ideas how I can whitelist this? See my CSP whitelist.xml below:
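<?xml version="1.0"?>
<!--
    Content-Security-Policy allow-list for the store.
    Each <policy> names a CSP directive; each <value> adds one source
    expression to that directive.

    Review notes:
    * Keep every list as narrow as the site really needs. Each entry,
      above all in script-src, is a place the browser will trust.
    * A blob: URL is matched by scheme only. Neither 'self' nor a host
      entry covers it, so the port in the page origin plays no part in
      that match. The directive that loads the resource has to list
      blob: itself.
-->
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
    <policies>
        <!--
            script-src decides which origins may run JavaScript in the page,
            so it is the list to audit first. Public CDNs such as
            cdn.jsdelivr.net, cdnjs.cloudflare.com and code.jquery.com serve
            content the shop does not control; self-hosting pinned copies of
            the few files actually used is the tighter choice.
            Wildcard hosts (*.example.com) trust every subdomain, including
            ones the vendor may add later. Replace them with the exact hosts
            seen in the browser's network log where possible.
        -->
        <policy id="script-src">
            <values>
                <value id="magento" type="host">https://magento.com</value>
                <!-- cdnjs.cloudflare.com below is already covered by this wildcard;
                     keeping only the specific host would be narrower. -->
                <value id="cloudflare" type="host">*.cloudflare.com</value>
                <value id="cloudflare2" type="host">cdnjs.cloudflare.com</value>
                <value id="twitter.com" type="host">*.twitter.com</value>
                <value id="fontawesome" type="host">*.fontawesome.com</value>
                <value id="adobe" type="host">*.adobe.com</value>
                <value id="adobetm" type="host">assets.adobedtm.com</value>
                <value id="gtm" type="host">*.googletagmanager.com</value>
                <value id="googleads" type="host">*.googleadservices.com</value>
                <value id="googleads2" type="host">*.g.doubleclick.net</value>
                <value id="paypalobjects" type="host">*.paypalobjects.com</value>
                <value id="meetanshi" type="host">*.meetanshi.com</value>
                <value id="stripe" type="host">*.stripe.com</value>
                <value id="klarna" type="host">*.klarna.com</value>
                <value id="paypal" type="host">*.paypal.com</value>
                <value id="googleapis" type="host">maps.googleapis.com</value>
                <value id="analytics" type="host">analytics.google.com</value>
                <value id="newrelic-js-agent" type="host">js-agent.newrelic.com</value>
                <value id="nr-data-bam" type="host">bam.nr-data.net</value>
                <value id="jquery" type="host">code.jquery.com</value>
                <value id="jsdelivr" type="host">cdn.jsdelivr.net</value>
                <value id="facebook" type="host">connect.facebook.net</value>
            </values>
        </policy>
        <!-- Stylesheets loaded from third-party hosts. -->
        <policy id="style-src">
            <values>
                <value id="maxcdn" type="host">maxcdn.bootstrapcdn.com</value>
                <value id="jsdelivr" type="host">cdn.jsdelivr.net</value>
            </values>
        </policy>
        <!-- Web fonts loaded from third-party hosts. -->
        <policy id="font-src">
            <values>
                <value id="maxcdn" type="host">maxcdn.bootstrapcdn.com</value>
            </values>
        </policy>
        <!--
            connect-src limits where scripts may send requests (XHR, fetch,
            beacons), so it also bounds where page data can be sent.
        -->
        <policy id="connect-src">
            <values>
                <value id="analytics" type="host">analytics.google.com</value>
                <!-- stats.g.doubleclick.net is already covered by the wildcard entry below. -->
                <value id="doubleclick" type="host">stats.g.doubleclick.net</value>
                <value id="doubleclick2" type="host">*.g.doubleclick.net</value>
                <value id="demdex" type="host">dpm.demdex.net</value>
                <value id="cardinalcommerce" type="host">geo.cardinalcommerce.com</value>
                <value id="meetanshi" type="host">*.meetanshi.com</value>
                <value id="stripe" type="host">*.stripe.com</value>
                <value id="klarna" type="host">*.klarna.com</value>
                <value id="googleapis" type="host">maps.googleapis.com</value>
                <value id="nr-data-bam" type="host">bam.nr-data.net</value>
                <value id="nfusion" type="host">api.nfusionsolutions.biz</value>
            </values>
        </policy>
        <!-- Allows workers created from blob: URLs. This applies to workers only, not to images. -->
        <policy id="worker-src">
            <values>
                <value id="worker-blob" type="host">blob:</value>
            </values>
        </policy>
        <!--
            img-src needs its own blob: entry. The reported error,
            "Refused to load the image 'blob:https://...'", is the browser
            rejecting a blob: image because this directive did not list the
            scheme; the blob: entry under worker-src does not carry over.
            This affects what the browser may display. A 404 for the stored
            logo is a server response that CSP cannot cause, so check the
            upload path and media permissions separately.
        -->
        <policy id="img-src">
            <values>
                <value id="img-blob" type="host">blob:</value>
                <value id="meetanshi" type="host">https://meetanshi.com</value>
                <!-- Already covered by the https://meetanshi.com entry above. -->
                <value id="meetanshiimg" type="host">https://meetanshi.com/media/logo.png</value>
                <value id="facebookimg" type="host">https://www.facebook.com</value>
            </values>
        </policy>
        <!-- Origins that may be embedded in frames on the storefront. -->
        <policy id="frame-src">
            <values>
                <value id="doubleclick" type="host">td.doubleclick.net</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>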