DocumentationCommerceTools

ACSD-60816: New Relic browser monitoring scripts injected by APM agent are not compliant with CSP

Last update: Thu Nov 07 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

  • Experienced
  • Admin
  • Developer

The ACSD-60816 patch fixes the issue where the New Relic browser monitoring scripts injected by the APM agent are not compliant with the Content Security Policy (CSP). This patch is available when the Quality Patches Tool (QPT) 1.1.51 is installed. The patch ID is ACSD-60816. Please note that this issue is scheduled to be fixed in Adobe Commerce 2.4.8.

Affected products and versions

The patch is created for Adobe Commerce version:

Adobe Commerce (all deployment methods) 2.4.6-p6

Compatible with Adobe Commerce versions:

Adobe Commerce (all deployment methods) 2.4.4 - 2.4.6-p8

NOTE
The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.

Issue

New Relic browser monitoring scripts injected by the APM agent are not compliant with CSP.

Steps to reproduce:

  1. Add product to the cart.
  2. Go to checkout.

Expected results:

There is no CSP error in the developer console.

Actual results:

You get the following error:

Content-Security-Policy: The page's settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: "script-src
...

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

To learn more about Quality Patches Tool, refer to:

For info about other patches available in QPT, refer to Quality Patches Tool: Search for patches in the Quality Patches Tool guide.

recommendation-more-help
c2d96e17-5179-455c-ad3a-e1697bb4e8c3