loki extensions

LokiCheckout_Csp

Core
PHP 8.1 - 8.4
Magento 2.4.7 | 2.4.8
CSP Yes
Latest Release 2.0.6

This Magento 2 module is an add-on package for enforcing the CSP Restrictive Mode in the checkout, including the Alpine CSP Build and removing the unsafe-inline and unsafe-eval policies. This is required to be fully compliant with PCI DSS v4.

Note that we develop our core with this module enabled at all times, which ensures that the Loki Checkout is CSP compliant at all times.

Installation

Install this package via composer:

composer require loki-checkout/magento2-csp

Next, enable this module:

bin/magento module:enable LokiCheckout_Csp

Usage notes

Note that this module only covers CSP rules for the LokiCheckout extensions. Your theme still requires work as well to work together with the no-unsafe-inline and no-unsafe-eval policies.

Support

For getting support, create an Issue under the following project URL:

https://gitlab.yireo.com/loki-checkout/LokiCheckout_Csp

Module Dependencies

The following dependencies are declared in the module its `etc/module.xml` file:

LokiCheckout_Core Loki_Base Loki_Components Loki_CssUtils Loki_FieldComponents Loki_MapComponents Magento_Backend Magento_Catalog Magento_Checkout Magento_CheckoutAgreements Magento_Config Magento_Csp Magento_Customer Magento_Directory Magento_Eav Magento_Newsletter Magento_Payment Magento_Quote Magento_Sales Magento_Shipping Magento_Store Magento_Vault Yireo_CspUtilities Yireo_HyvaThemeAutoRegistration
Composer details
Magento module name
LokiCheckout_Csp
Composer name
loki-checkout/magento2-csp
Composer version
2.0.6
Default branch
main
Requirements
magento/framework: ^103.0
loki-checkout/magento2-core: ^2.0
yireo/magento2-csp-utilities: ^1.0
Releases
dev-main#43db5e7cb59c221ba78efac301629647b14b381f 20 October 2025
2.0.6 20 October 2025
2.0.5 20 October 2025
2.0.4 20 October 2025
2.0.3 20 October 2025
2.0.2 20 October 2025
2.0.1 20 October 2025
2.0.0 20 October 2025
1.0.5 20 October 2025
1.0.4 20 October 2025
1.0.3 20 October 2025
1.0.2 20 October 2025
1.0.1 20 October 2025
1.0.0 20 October 2025
Changelog

[2.0.6] - 16 September 2025

Fixed

  • Rename loki-components.alpinejs to loki.alpinejs

[2.0.5] - 28 August 2025

Fixed

  • Add CI files
  • Replace yireo/opensearch with yireo/opensearch-dummy in Gitlab CI

[2.0.4] - 26 August 2025

Fixed

  • Rename Alpine CSP template
  • Load Alpine Mask under Luma properly
  • Add GitLab CI files

[2.0.3] - 21 August 2025

Fixed

  • Add defer back to Alpine CSP loadig
  • Fix newlines after comments
  • Add escaping of template code
  • Remove defer from Alpine to load things faster

[2.0.2] - 19 August 2025

Fixed

  • Lower requirements to PHP 8.1

[2.0.1] - 07 August 2025

Fixed

  • Lower PHP requirement to PHP 8.2+

[2.0.0] - 22 July 2025

Fixed

  • Bump LokiCheckout_Core to 2.0.0
  • Rename PHP namespace from Yireo_Loki* to Loki*
  • Rename composer package from yireo/magento2-loki* to loki/magento2*

[1.0.5] - 08 July 2025

Fixed

  • Generate new MODULE.json with simple test count
  • Allow PHP 8.4 in CI

[1.0.4] - 28 April 2025

Fixed

  • Properly add CSP to Luma-themes

[1.0.3] - 25 April 2025

Fixed

  • Allow upgrading to LokiFieldComponents and LokiCheckout 1.0
  • Update Alpine CSP built

[1.0.2] - 08 April 2025

Fixed

  • Housekeeping

[1.0.1] - 22 February 2025

  • Change deps
  • Add proper README
  • Replace TODO.md with TODO.json

[1.0.0] - 21 January 2025

  • Add proper deps
  • Initial release

Last modified: September 1, 2025