LokiCheckout_Csp
This Magento 2 module is an add-on package for enforcing the CSP Restrictive Mode in the checkout, including the Alpine CSP Build and removing the unsafe-inline and unsafe-eval policies. This is required to be fully compliant with PCI DSS v4.
Note that we develop our core with this module enabled at all times, which ensures that the Loki Checkout is CSP compliant at all times.
Installation
Install this package via composer:
composer require loki-checkout/magento2-csp
Next, enable this module:
bin/magento module:enable LokiCheckout_Csp
Usage notes
Note that this module only covers CSP rules for the LokiCheckout extensions. Your theme still requires work as well to work together with the no-unsafe-inline and no-unsafe-eval policies.
Support
For getting support, create an Issue under the following project URL:
https://gitlab.yireo.com/loki-checkout/LokiCheckout_Csp.git
Module Dependencies
The following dependencies are declared in the module its `etc/module.xml` file:
LokiCheckout_Core
Loki_Base
Loki_Components
Loki_CssUtils
Loki_FieldComponents
Loki_MapComponents
Magento_Backend
Magento_Catalog
Magento_Checkout
Magento_CheckoutAgreements
Magento_Config
Magento_Csp
Magento_Customer
Magento_Directory
Magento_Eav
Magento_Newsletter
Magento_Payment
Magento_Quote
Magento_Sales
Magento_Shipping
Magento_Store
Magento_Tax
Magento_Vault
Yireo_CspUtilities
Composer details
LokiCheckout_Csploki-checkout/magento2-csp
loki-checkout/magento2-core: ^2.0
magento/framework: ^103.0
yireo/magento2-csp-utilities: ^1.0
Releases
| 2.0.10 | 12 June 2026 |
| 2.0.9 | 12 June 2026 |
| 2.0.8 | 12 June 2026 |
| 2.0.7 | 12 June 2026 |
| 2.0.6 | 12 June 2026 |
| 2.0.5 | 12 June 2026 |
| 2.0.4 | 12 June 2026 |
| 2.0.3 | 12 June 2026 |
| 2.0.2 | 12 June 2026 |
| 2.0.1 | 12 June 2026 |
| 2.0.0 | 12 June 2026 |
| 1.0.5 | 12 June 2026 |
| 1.0.4 | 12 June 2026 |
| 1.0.3 | 12 June 2026 |
| 1.0.2 | 12 June 2026 |
| 1.0.1 | 12 June 2026 |
| 1.0.0 | 12 June 2026 |
Changelog
[2.0.10] - 12 January 2026
Fixed
- Check for AlpineJS loader block instead of module being enabled
- Copy generic CI/CD files
[2.0.9] - 02 December 2025
Fixed
- Enable CSP on-the-fly to allow for disabling under Luma Checkout
[2.0.8] - 21 November 2025
Fixed
- Allow compatibility with
MageOS_AlpineLoader - Replace
$block->getChildHtml()with$childRenderer->all()including better sorting
[2.0.7] - 14 November 2025
Fixed
- Upgrade Alpine CSP to 3.15.1
- Update composer keywords
- Update composer keywords
- Update composer keywords
- Update README
[2.0.6] - 16 September 2025
Fixed
- Rename loki-components.alpinejs to loki.alpinejs
[2.0.5] - 28 August 2025
Fixed
- Add CI files
- Replace yireo/opensearch with yireo/opensearch-dummy in Gitlab CI
[2.0.4] - 26 August 2025
Fixed
- Rename Alpine CSP template
- Load Alpine Mask under Luma properly
- Add GitLab CI files
[2.0.3] - 21 August 2025
Fixed
- Add
deferback to Alpine CSP loadig - Fix newlines after comments
- Add escaping of template code
- Remove defer from Alpine to load things faster
[2.0.2] - 19 August 2025
Fixed
- Lower requirements to PHP 8.1
[2.0.1] - 07 August 2025
Fixed
- Lower PHP requirement to PHP 8.2+
[2.0.0] - 22 July 2025
Fixed
- Bump
LokiCheckout_Coreto 2.0.0 - Rename PHP namespace from
Yireo_Loki*toLoki* - Rename composer package from
yireo/magento2-loki*toloki/magento2*
[1.0.5] - 08 July 2025
Fixed
- Generate new MODULE.json with simple test count
- Allow PHP 8.4 in CI
[1.0.4] - 28 April 2025
Fixed
- Properly add CSP to Luma-themes
[1.0.3] - 25 April 2025
Fixed
- Allow upgrading to LokiFieldComponents and LokiCheckout 1.0
- Update Alpine CSP built
[1.0.2] - 08 April 2025
Fixed
- Housekeeping
[1.0.1] - 22 February 2025
- Change deps
- Add proper README
- Replace TODO.md with TODO.json
[1.0.0] - 21 January 2025
- Add proper deps
- Initial release