If you run a B2B Magento store with guest checkout disabled, your checkout may have been silently broken for longer than you realise. Version 1.3.10 fixes three live issues: Alpine.js CSP errors disrupting JavaScript execution, a modal that closes unexpectedly during address entry, and an Enter key that fails to submit the address form. None of these is a flashy addition, but in eCommerce, the updates that quietly remove checkout friction are often the ones that move the needle most.
Let's break down what changed and why it matters.
The CSP fix: Critical for B2B stores
The most significant change in 1.3.10 addresses Alpine.js Content Security Policy (CSP) errors that appeared when guest checkout was disabled. If you have configured checkout/options/guest_checkout to require login before purchase (a common pattern for B2B stores, wholesale operations, and membership-based retailers), you may have been seeing CSP errors in your browser console without realising they were silently degrading the checkout experience.
The root cause was that Hyvä's checkout was reusing theme-based login components that were not fully compatible with Alpine's CSP-friendly build. The fix introduces a dedicated checkout-specific login layout and template overrides:
-
A new layout handle:
hyva_checkout_customer_account_login -
A custom login form template:
Hyva_Checkout::overrides/Magento_Customer/form/login.phtml -
A login template with Alpine initialisation:
Hyva_Checkout::overrides/Magento_Customer/form/login-component.phtml
The Hyvä team has been transparent that this is a temporary solution, with a more comprehensive in-checkout login and register workflow on the roadmap. In the meantime, if you have guest checkout disabled, update to 1.3.10 and check your browser console for CSP errors. They may be causing subtle checkout failures that are not immediately visible to users.
UX fixes: Address entry flow
Two smaller but equally important fixes in 1.3.10 both address the same part of checkout: the address entry modal.
The first resolves a frustrating intermittent bug where clicking the pre-loader mask while adding a new shipping address would unexpectedly close the modal, discarding whatever the customer had typed. This is the kind of issue that is maddening precisely because it is not consistent. It is more likely to affect mobile users who tap imprecisely, or customers on slower connections, where the loading state is visible for longer. The fix ensures the pre-loader no longer interrupts the address entry process, keeping the form open and usable until the loading state completes.
The second restores something that should never have broken: submitting the address form using the Enter key on a desktop, or the Go button on mobile keyboards. When this fails, customers do not get an error message. They fill out the form, hit Enter, nothing happens, and they have to hunt for the submit button. The fix is straightforward but correct: the component now listens to the form submit event rather than relying solely on button click handlers, which ensures compatibility with all standard input methods.
Taken together, these two fixes remove a category of friction that rarely shows up in drop-off analytics but accumulates quietly in customer experience. Customers who hit these issues do not always abandon. They re-enter their details, complete the order, and do not come back. Smoother address entry is not a minor detail; it is a direct input into repeat purchase rate.
CMS tailwind JIT 1.2.25: Widget icons in WYSIWYG
Shipping alongside Checkout 1.3.10 is a quieter but worthwhile fix in CMS Tailwind JIT 1.2.25, aimed at merchants whose content teams work in the classic Magento WYSIWYG editor rather than PageBuilder.
The issue affected widget icon rendering. When content editors inserted widgets into CMS pages or blocks, the icons that help identify widget type were not displaying correctly. This is a small thing on the surface, but in practice, it creates a real workflow problem. Content managers who work with widgets daily rely on those visual cues to navigate the editor confidently. Without them, identifying the correct widget type requires guesswork or extra clicks, slowing down content production and increasing the chance of errors, particularly for less technical team members who do not have the option of reading the underlying markup.
The fix restores correct icon rendering across the WYSIWYG interface. If your content team has been reporting missing or broken icons when working with widgets, updating to 1.2.25 resolves the issue without any configuration changes required on your end.
It is worth noting that this fix is specifically relevant to stores using the classic editor. If your team works exclusively in PageBuilder, this update will not affect your editorial workflow, though updating is still recommended to keep your Hyvä stack consistent.
What’s next for merchants?
Baymard Institute's research consistently shows that checkout UX issues account for a significant portion of cart abandonment. The specific problems Hyvä addressed in 1.3.10 (form submission failures, unexpected modal closures, and CSP errors disrupting JavaScript execution) all fall into categories that Baymard identifies as friction points that customers rarely articulate but regularly abandon.
For merchants running Hyvä Checkout, the update path is straightforward: update to 1.3.10, test your checkout flow with guest checkout both enabled and disabled, verify CSP headers are clean in your browser console, and test address entry on both desktop and mobile.
For merchants evaluating Hyvä, the velocity and focus of these releases tell you something important about the project's maturity. The team is past the exciting new features phase and deep into making everything work correctly, which is exactly where you want a checkout solution to be when real revenue depends on it.
If you are unsure whether your Hyvä Checkout setup is configured correctly or want guidance on upgrading, get in touch with the On Tap team, and we will help you get there.


