is Daum Postal Service API supporting Content-Security-Policy webpage

[gshwe]

Hi Sir/Madam,

Question is related to Daum Postal Service API able to support and function as normal from a website which have the Content-Security-Policy option turn on, with *.daumcdn.net domain included under policy attribute script-src, style-src, font-src, img-src, connect-src and frame-src? is the guide from https://spi.maps.daum.net/postcode/guidessl able to provide more information on what need to do in html page if Content-Security-Policy require turn on?

Reason asking is because my tested result will show an empty pop-up content when Content-Security-Policy turn on.

Regards,

[daumPostcode]

@gshwe
hello gshwe

The Daum Postcode service uses multiple domains, not one domain.
If you are using CSP, please register all domains used by the postal code service.

HTTP :

• http://postcode.map.daum.net
• http://suggest-bar.daum.net
• http://t1.daumcdn.net
• http://stlog1.local.daum.net
• http://dmaps.daum.net

HTTPS :

• https://suggest-bar.daum.net
• https://t1.daumcdn.net
• https://spi.maps.daum.net
• https://stlog1.local.daum.net
• https://ssl.daumcdn.net

Thank you.

[gshwe]

Thanks daumPostcode.

The information is very helpful. after put in the addional 3 domains, the pop-up is working fine with Security Rating as A.

I hope this information can be included in your guide for any domain who will need to turn on the Content-Security-Policy setting.

Thank You.

[daumPostcode]

@gshwe

Yes, I will apply it to the guide page.
Thank you for your suggestion.

[gshwe]

for your reference, this is the site where I used on checking the Security rating. https://securityheaders.com/