ndlinh (13mo ago)

Enabling CSP causes a blank popup and a security error to show

My customer asked to enable CSP on their site. I tried to enable it and whitelist the domain vbv.shinhancard.com, but the payment step does not work. Do you have any sample CSP settings to make it work?
7 Replies
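Tosspayments BOT
⏳ Please wait a moment! We will reply shortly.
If you are reporting an error, sending the information below in advance will help us answer faster.
- Order number (orderId):
- Inquiry details:
(Attaching an image as well is helpful.)
* For contract-related matters, please call 1544-7772.
* Replies may be delayed on weekends and public holidays.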
유부장 (13mo ago)
Hi @ndlinh, I would like to understand more about your customer's environment for the payment. Would your client like to use the Tosspayments Payment window service within a private network environment? Or, we would like to understand your client's security policy at their service. It seems it is too strict to use the payment service.
ndlinh (OP, 13mo ago)
> Would your client like to use the Tosspayments Payment window service within a private network environment?

No, it is a public e-commerce site.

> Or, we would like to understand your client's security policy at their service.

They want to use a CSP policy to whitelist all known external resources and block all others. The main problem is that there are a lot of external resources from Tosspayments Payment, and we don't know exactly which should be whitelisted.
유부장 (13mo ago)
Tosspayments is a Payment Gateway, and we connect merchants to card company services. There are many resources from 3rd parties, thus we do not have a sample CSP setting for it. We cannot be 100% sure on this, because it is based on the service provider. Please kindly understand.
ndlinh (OP, 13mo ago)
Do you have any advice for us to solve this problem?
유부장 (13mo ago)
Um... if possible, your client might need to lower the security level within the payment procedure.
Tosspayments BOT
❤️ How was your technical support experience?!
Please leave a short comment! It is a great help in improving our product.
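
An added example, not part of the thread and not Tosspayments' guidance: one way to learn which origins the payment flow needs is to serve the policy as `Content-Security-Policy-Report-Only`, collect the violation reports, and merge the blocked origins into the policy. The report data, the `*.example` hosts, the base policy and the function names are constructed for illustration; only vbv.shinhancard.com comes from the thread.

```javascript
'use strict';
// Constructed reports in the JSON shape browsers POST to a report-uri endpoint.
// Only vbv.shinhancard.com is from the thread; the *.example hosts are placeholders.
const sampleReports = [
  { 'csp-report': { 'effective-directive': 'frame-src', 'blocked-uri': 'https://vbv.shinhancard.com/auth/step1' } },
  { 'csp-report': { 'violated-directive': 'script-src-elem', 'blocked-uri': 'https://js.pg.example/v1/sdk.js' } },
  { 'csp-report': { 'effective-directive': 'connect-src', 'blocked-uri': 'https://api.pg.example:8443/confirm' } },
  { 'csp-report': { 'effective-directive': 'script-src', 'blocked-uri': 'inline' } },
  { 'csp-report': { 'effective-directive': 'img-src', 'blocked-uri': 'data' } },
  { 'csp-report': { 'effective-directive': 'frame-src', 'blocked-uri': 'https://vbv.shinhancard.com/auth/step2' } },
];

// Group blocked http(s) origins by directive; anything else goes to manual review.
function originsByDirective(reports) {
  const found = new Map();
  const needsReview = [];
  for (const entry of reports) {
    const r = entry['csp-report'];
    if (!r) continue;
    const raw = r['effective-directive'] || r['violated-directive'] || '';
    // CSP2 reports carry the whole directive text; -elem/-attr fall back to the base directive.
    const directive = raw.split(' ')[0].replace(/-(elem|attr)$/, '');
    if (!directive) continue;
    let origin = null;
    try { origin = new URL(r['blocked-uri']).origin; } catch { /* keyword such as "inline" */ }
    if (!origin || !/^https?:\/\//.test(origin)) {
      needsReview.push(`${directive}: ${r['blocked-uri']}`);
      continue;
    }
    if (!found.has(directive)) found.set(directive, new Set());
    found.get(directive).add(origin);
  }
  return { found, needsReview };
}

// Add the observed origins to an existing policy string.
function mergePolicy(basePolicy, found) {
  const policy = new Map(basePolicy.split(';').map(s => s.trim()).filter(Boolean)
    .map(s => { const [name, ...sources] = s.split(/\s+/); return [name, sources]; }));
  for (const [directive, origins] of found) {
    // A newly added fetch directive stops inheriting default-src, so seed it from there.
    const sources = policy.get(directive) || [...(policy.get('default-src') || [])];
    for (const o of [...origins].sort()) if (!sources.includes(o)) sources.push(o);
    policy.set(directive, sources);
  }
  return [...policy].map(([name, sources]) => [name, ...sources].join(' ')).join('; ');
}

const BASE_POLICY = "default-src 'self'; script-src 'self'; report-uri /csp-reports"; // assumed starting policy
const { found, needsReview } = originsByDirective(sampleReports);
console.log(mergePolicy(BASE_POLICY, found));
console.log('Review by hand:', needsReview);
```

Report endpoints accept unauthenticated POSTs, so treat the output as candidates to review rather than as a finished allowlist. Entries such as `inline` or `data` are listed separately because allowing them weakens the policy and should be a deliberate decision.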
