10.3.0: #321

mage2pro · Aug 5, 2023 · 286dfb0 · 286dfb0
1 parent a05a387
commit 286dfb0
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 5 deletions.
diff --git a/Core/etc/csp_whitelist.xml b/Core/etc/csp_whitelist.xml
@@ -0,0 +1,18 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!-- 2023-08-05 -->
+<csp_whitelist
+	xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' 
+	xsi:noNamespaceSchemaLocation='urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd'
+>
+	<policies>
+<!-- 2023-08-05
+«Refused to load the script 'https://cdn.jsdelivr.net/lodash/4.14.1/lodash.js'
+because it violates the following Content Security Policy directive: "script-src <…>"»:
+https://github.com/mage2pro/core/issues/321 -->
+		<policy id='script-src'>
+			<values>
+				<value id='cdn.jsdelivr.net' type='host'>cdn.jsdelivr.net</value>
+			</values>
+		</policy>
+	</policies>
+</csp_whitelist>
diff --git a/Core/view/base/requirejs-config.js b/Core/view/base/requirejs-config.js
@@ -1,15 +1,18 @@
 var config = {paths: {
 	'df': 'Df_Core/my/all'
 	,'dfHasValue': 'Df_Core/my/hasValue'
+	// 2023-08-05
+	// «Refused to load the script 'https://cdn.jsdelivr.net/lodash/4.14.1/lodash.js'
+	// because it violates the following Content Security Policy directive: "script-src <…>"»:
+	// https://github.com/mage2pro/core/issues/321
 	,'df-lodash': 'https://cdn.jsdelivr.net/lodash/4.14.1/lodash'
 	,'df-lodash-local': 'Df_Core/thirdParty/lodash'
 	// 2019-08-01 https://github.com/flesler/jquery.scrollTo
 	,'df-scroll': 'Df_Core/thirdParty/scrollTo'
 	,'df-uniform': 'Df_Core/my/uniform'
 	/**
 	 * 2017-10-18
-	 * Note 1.
-	 * «JavaScript Unicode 8.0 Normalization - NFC, NFD, NFKC, NFKD»: https://github.com/walling/unorm
+	 * Note 1. «JavaScript Unicode 8.0 Normalization - NFC, NFD, NFKC, NFKD»: https://github.com/walling/unorm
 	 * Note 2.
 	 * `The ineligible characters should be automatically replaced by the corresponding eligible ones
 	 * while prefilling the cardholder's name

diff --git a/Framework/etc/csp_whitelist.xml b/Framework/etc/csp_whitelist.xml
@@ -11,7 +11,7 @@ because it violates the following Content Security Policy directive:
 "font-src fonts.gstatic.com data: 'self' 'unsafe-inline'"»: https://github.com/mage2pro/core/issues/320 -->
 		<policy id='font-src'>
 			<values>
-				<value id='bootstrapCdn' type='host'>*.bootstrapcdn.com</value>
+				<value id='*.bootstrapcdn.com' type='host'>*.bootstrapcdn.com</value>
 			</values>
 		</policy>
 <!-- 2023-08-05
@@ -23,7 +23,7 @@ https://github.com/mage2pro/core/issues/319
 2) https://magento.stackexchange.com/a/312254 -->
 		<policy id='style-src'>
 			<values>
-				<value id='bootstrapCdn' type='host'>*.bootstrapcdn.com</value>
+				<value id='*.bootstrapcdn.com' type='host'>*.bootstrapcdn.com</value>
 			</values>
 		</policy>
 	</policies>

diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
 	"name": "mage2pro/core"
-	,"version": "10.2.9"
+	,"version": "10.3.0"
 	,"description": "Mage2.PRO core package."
 	,"type": "magento2-module"
 	,"homepage": "https://mage2.pro"