위Content Security Policy
전일까지 정상적으로 결제됐던게 금일 진행 시 캡쳐화면과 같이 정책위반이 뜹니다.
아파치 서버에 어떤 설정을 해줘야 하나요?
서버 설정은 아래와 같이 되어있습니다.
#Header always append X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
#Header always set X-Content-Type-Options: nosniff
Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wizvil.net; xpayvvip.tosspayments.com; pgweb.tosspayments.com; pgweb.tosspayments.com:9091; js.tosspayments.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.wizvil.net"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
아파치 서버에 어떤 설정을 해줘야 하나요?
서버 설정은 아래와 같이 되어있습니다.
#Header always append X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
#Header always set X-Content-Type-Options: nosniff
Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wizvil.net; xpayvvip.tosspayments.com; pgweb.tosspayments.com; pgweb.tosspayments.com:9091; js.tosspayments.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.wizvil.net"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
