{"id":37773976,"url":"https://github.com/basecom/magento2-csp-split-header","last_synced_at":"2026-01-16T14:56:59.600Z","repository":{"id":251868817,"uuid":"836772369","full_name":"basecom/magento2-csp-split-header","owner":"basecom","description":"Magento 2 module that solves the problem of oversized CSP headers by splitting them into multiple headers. It extends Magento's CSP Simple Policy Renderer to replace the existing CSP headers, ensuring they remain valid and reducing the likelihood of exceeding the web server's maximum header size.","archived":false,"fork":false,"pushed_at":"2025-03-24T12:28:21.000Z","size":30,"stargazers_count":45,"open_issues_count":2,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-09-27T01:44:30.444Z","etag":null,"topics":["magento","magento2","magento2-extension","magento2-extension-free","magento2-module","magento2-plugin"],"latest_commit_sha":null,"homepage":"https://basecom.de","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/basecom.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-01T14:22:08.000Z","updated_at":"2025-09-16T13:52:18.000Z","dependencies_parsed_at":"2024-08-27T08:09:43.305Z","dependency_job_id":null,"html_url":"https://github.com/basecom/magento2-csp-split-header","commit_stats":null,"previous_names":["basecom/magento2-csp-split-header"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/basecom/magento2-csp-split-header","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-csp-split-header","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-csp-split-header/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-csp-split-header/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-csp-split-header/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/basecom","download_url":"https://codeload.github.com/basecom/magento2-csp-split-header/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-csp-split-header/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28479406,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["magento","magento2","magento2-extension","magento2-extension-free","magento2-module","magento2-plugin"],"created_at":"2026-01-16T14:56:59.505Z","updated_at":"2026-01-16T14:56:59.589Z","avatar_url":"https://github.com/basecom.png","language":"PHP","readme":"# Basecom_CspSplitHeader Magento 2 Module\n\n\u003cdiv align=\"center\"\u003e\n\n[![Packagist][ico-version]][link-packagist]\n[![Software License][ico-license]](LICENSE)\n![Supported Magento Versions][ico-compatibility]\n\n\u003c/div\u003e\n\n---\n\n\u003e [!IMPORTANT]  \n\u003e As of Magento 2.4.7 it is no longer possible to deactivate the Magento CSP module.\n\nWith a growing _Content Security Policies_ (CSP) whitelist, the problem can arise that the\nheaders `Content-Security-Policy-Report-Only` and/or `Content-Security-Policy` become so large that they exceed the\nmaximum permitted size of a header field, causing the web server to not process the response any further.\n\nThe CSP mechanism allows multiple policies to be specified for a resource, including via the `Content-Security-Policy`\nheader, the `Content-Security-Policy-Report-Only` header and a `meta`\nelement [[MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#multiple_content_security_policies)].\n__Therefore, the headers can be specified more than once.__\n\nThis is where the module comes into play. It implements an _after method plugin_ for the\nmethod `Magento\\Csp\\Model\\Policy\\Renderer\\SimplePolicyHeaderRenderer::render`, which replaces the existing CSP headers\nvia the method `\\Magento\\Framework\\App\\Response\\HttpInterface::setHeader`. The header is read, split so that the syntax\nremains valid, and replaced by the new headers. The result is a separate header for each directive, each of which should\nno longer exceed the maximum permitted length of the web server.\n\n\u003e [!TIP]\n\u003e If the headers are too large even after splitting, try to identify unnecessary Magento modules and remove them.\n\n## Installation\n\n1. Install it into your Magento 2 project with composer:\n\n    ```console\n    composer require basecom/magento2-csp-split-header\n    ```\n\n2. Enable module\n\n    ```console\n    bin/magento setup:upgrade\n    ```\n\n## Configuration\n\n| Config                                                      | Default Value  | Description                                                |\n|-------------------------------------------------------------|----------------|------------------------------------------------------------|\n| `basecom_csp_split_header/settings/header_splitting_enable` | 0 _(disabled)_ | enables (1) / disables (0) the splitting of the CSP header |\n| `basecom_csp_split_header/settings/max_header_size`         | 8000           | maximum allowed header field size                          |\n\nThese values can be updated in the system configuration under `Basecom -\u003e Content Security Policy -\u003e Enable`.\n\n## Example\n\n1. CSP splitting _disabled_\n\n    ```HTTP\n    Content-Security-Policy: default-src 'self' https://example.com; connect-src 'none'; script-src https://example.com/;                          \n    ```\n\n2. CSP splitting _enabled_\n\n    ```HTTP\n    Content-Security-Policy: default-src 'self' https://example.com; \n    Content-Security-Policy: connect-src 'none'; \n    Content-Security-Policy: script-src https://example.com/;                          \n    ```\n\n## Known Issues\n\n### CSP header is not split correctly ([#5](https://github.com/basecom/magento2-csp-split-header/issues/5))\n\nLower the maximum allowed header field size threshold in the config `basecom_csp_split_header/settings/max_header_size`.\n\n### Varnish 503 error ([#7](https://github.com/basecom/magento2-csp-split-header/issues/7))\n\nIncrease the Varnish header size`http_resp_hdr_len`. The default value is 8kb.\n\n## Contributing\n\nPlease see [CONTRIBUTING](CONTRIBUTING.md) for details.\n\n## Security\n\nIf you discover any security related issues, please email \u003cmagento@basecom.de\u003e instead of using the issue tracker.\n\n## License\n\nThe MIT License (MIT). Please see [License File](LICENSE) for more information.\n\n## Copyright\n\n\u0026copy; 2024 basecom GmbH \u0026 Co. KG\n\n[ico-version]: https://img.shields.io/packagist/v/basecom/magento2-csp-split-header.svg?style=flat-square\n[ico-license]: https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square\n[ico-compatibility]: https://img.shields.io/badge/magento-2.4-brightgreen.svg?logo=magento\u0026longCache=true\u0026style=flat-square\n\n[link-packagist]: https://packagist.org/packages/basecom/magento2-csp-split-header\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasecom%2Fmagento2-csp-split-header","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbasecom%2Fmagento2-csp-split-header","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasecom%2Fmagento2-csp-split-header/lists"}