After updating to p8 I had the same issue as a lot of others where the checkout totally broke. This was solved by updating a lot of extensions (Magepal GTM/Ecommerce) that were not CSP compatible, i.e. none of their JS was in the renderTags.
I had to do the same with a lot of other inline scripts (lazy I know) and put them in render tags.
This reduced the CSP errors to just 4.
Here is the source quote from the CSP error –
Source: this.onload=null;this.media='print'
I could not find this ANYWHERE in my Magento codebase.
However, when I checked the source (ctrl-u) and searched, it hit ALL of the signed CSS stylesheets.
<link rel="stylesheet" media="print" onload="this.onload=null;this.media='all'" href="https://thespicery.test/static/version1729083184/_cache/merged/a1bdb3a8b174f34a06dda804e8d8c16b.css">
<link rel="stylesheet" media="print" onload="this.onload=null;this.media='all'" href="https://thespicery.test/static/version1729083184/_cache/merged/d1a13f605b2f935575ecacfd4d100ed4.css">
<link rel="stylesheet" media="print" onload="this.onload=null;this.media='screen and (min-width: 768px)'" href="https://thespicery.test/static/version1729083184/frontend/Thespicery/standard/en_GB/css/styles-l.css">
<link rel="stylesheet" media="print" onload="this.onload=null;this.media='print'" href="https://thespicery.test/static/version1729083184/_cache/merged/be22b5204b37aefed6823c2b640ae59f.css">
As you can see, the onload="*" is triggering a CSP response on Checkout.
I am not willing to disable CSP for checkout as we want to be compliant in the future.
Any ideas on what could be causing this?
Work done already –
- Disabled Fishpig Pagespeed
- Searched high and low for an action or observer that may add such things.
- Checked the Luma Demo – such onclicks do not exist.
I am totally stuck; the entire codebase has been searched for something that may add these and I am stumped. Has anyone else come across this?
Many thanks
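An added example, not part of the original post: a small Python audit that parses rendered page source and lists every inline `on*` handler attribute of the kind quoted above, together with the `'sha256-…'` value a CSP Level 3 policy matches against such a handler when `script-src` carries `'unsafe-hashes'`. The sample markup, the `shop.example` host and the function names are constructed for illustration; whether the poster's policy uses hashes is not stated in the post.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample modelled on the <link> tags quoted in the post;
# host and file names are placeholders.
SAMPLE_HTML = """
<link rel="stylesheet" media="print" onload="this.onload=null;this.media='all'" href="https://shop.example/static/_cache/merged/aaa.css">
<link rel="stylesheet" media="print" onload="this.onload=null;this.media='print'" href="https://shop.example/static/_cache/merged/bbb.css">
<link rel="stylesheet" href="https://shop.example/static/plain.css">
<a href="#" onclick="return false">x</a>
"""


def csp_hash(source):
    """Return the CSP source expression ('sha256-...') for a handler's text."""
    digest = hashlib.sha256(source.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


class InlineHandlerFinder(HTMLParser):
    """Collects every on* attribute (onload, onclick, ...) in the markup."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # Event-handler attributes all start with "on"; value is the
            # decoded attribute text, which is what the browser hashes.
            if name.startswith("on") and value:
                self.findings.append({
                    "line": self.getpos()[0],
                    "tag": tag,
                    "attr": name,
                    "source": value,
                    "hash": csp_hash(value),
                })


def find_inline_handlers(html):
    finder = InlineHandlerFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for f in find_inline_handlers(SAMPLE_HTML):
        print(f"line {f['line']}: <{f['tag']} {f['attr']}> {f['source']}  {f['hash']}")
```

Running it over the saved source of several pages (checkout and a non-checkout page) shows which handler strings are actually emitted and on which tags, which narrows down where in the output pipeline they are being injected.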