- URL: https://<root>/security/config/updateContentSecurityPolicy
- Methods: POST
- Version Introduced: 11.5
Description
The updateContentSecurityPolicy operation updates the Content-Security-Policy (CSP) response headers that are included when accessing different components of ArcGIS Server.
Currently, this operation only supports setting one CSP response header. When set, this response header is applied to each HTML page in the Services Directory and prevents the JavaScript used in XSS attacks from running, which allows organizations to protect themselves from XSS attacks while keeping the HTML view of the Services Directory enabled.
Request parameters
Parameter | Details |
---|---|
contentSecurityPolicy (Required) | A JSON object that specifies the Content-Security-Policy response headers being applied. Currently, this property only supports defining the CSP response header for |
f | The response format. The default format is Values: |
Example usage
The following is a sample POST request for the updateContentSecurityPolicy operation:
POST /<context>/admin/security/config/updateContentSecurityPolicy HTTP/1.1
Host: organization.example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

contentSecurityPolicy={"rest": "script-src 'self';"}&f=pjson
JSON Response example
{"status": "success"}