Magento 2.3.5 – Fix ‘Refused to Load the Stylesheet’ Error

magento2magento2.3.5Security

I've recently upgraded to Magento 2.3.5 and I've been encountering an issue with my Content Security Policy when trying to load a style sheet.

The error (Chrome dev console):

I've added maxcdn to my csp_whitelist.xml but the error still occurs after setup:upgrade + setup:static-content:deploy + cache flush

My csp_whitelist.xml:

<?xml version="1.0"?>
 <csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
    <policies>
        <policy id="style-src">
            <values>
                <value id="maxcdn-fontawesome" type="host">maxcdn.bootstrapcdn.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

I've tried adding https in the hostname, but that didn't make any difference.

I'm curious as to why the violated directives are from different domains as well. getfirebug.com is only used for the tinymce editor in my admin backend not on the storefront.

How can I go about removing this error?

Also, could anyone provide me with additional resources for researching this? I've read through Mozillas CSP guide, but it's not exactly the same for Magento 2.3.5.

Best Answer

I have this code and it works fine:

<?xml version="1.0" encoding="UTF-8"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
    <policies>
        <policy id="style-src">
            <values>
                <value id="bootstrapCdn" type="host">*.bootstrapcdn.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>

Try to clear these folders manually also:

rm -rf var/cache/*
rm -rf var/page_cache/*
rm -rf pub/static/*

Related Solutions

Magento2 Module – Fix ‘main.CRITICAL: Plugin Class Doesn’t Exist’

I couldn't reproduce your error, but I got an other one.

Then I did some minor adjustments to your code and it worked.
First drop the InstallSchema.php file. It does nothing so it is useless.

Then make sure that your plugin file is in Amaj/CorePlugin/Model/Currency/Plugin.php and it looks like this:

<?php

namespace Amaj\CorePlugin\Model\Currency;

class Plugin
{
    protected $logger;

    public function __construct(\Psr\Log\LoggerInterface $logger) {
        $this->logger = $logger;
    }

    /**
     * @param $subject
     * @param \Closure $proceed
     * @param $price
     * @param array $options
     * @return string
     */
    public function aroundFormatTxt(
        $subject,
        \Closure $proceed,
        $price,
        $options = []
    )
    {
        $this->logger->info('Amaj aroundFormatTxt');
        return '2';
    }

}

you don't need parent::__construct(); in the constructor because there is no parent class.
And I replaced $logger->info with $this->logger->info because there is no $logger variable.

Magento – Magento 2.2.5: Overriding Admin Controller sales/order

It is recommendable use the plugin instead of preference for this.

https://devdocs.magento.com/guides/v2.2/extension-dev-guide/plugins.html

You must do the next.

Vendor/Namespace/etc/di.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<type name="Magento\Sales\Controller\Adminhtml\Order\Index">
    <plugin name="vendor_namespace_plugin_list" type="Vendor\Namespace\Plugin\ControllerOrderIndexPlugin"/>
</type>

Vendor/Namespace/Plugin/ControllerOrderIndexPlugin.php

<?php

namespace Vendor\Namespace\Plugin;

use Magento\Framework\Message\ManagerInterface;
use Magento\Sales\Controller\Adminhtml\Order\Index;

/**
 * Class ControllerOrderIndexPlugin
 */
class ControllerOrderIndexPlugin
{

    /**
     * @var ManagerInterface
     */
    private $messageManager;

    /**
     * ControllerOrderIndexPlugin constructor.
     *
     * @param ManagerInterface $messageManager
     */
    public function __construct(ManagerInterface $messageManager)
    {
        $this->messageManager = $messageManager;
    }

    /**
     * @param Index $subject
     */
    public function beforeExecute(
        Index $subject
    ) {
        $this->messageManager->addSuccessMessage(__('Message from new admin controller.'));
    }
}

Best Answer

Related Solutions

Magento2 Module – Fix ‘main.CRITICAL: Plugin Class Doesn’t Exist’

Magento – Magento 2.2.5: Overriding Admin Controller sales/order

Related Topic