- URL:
- https://<notebookserveradmin>/security/config/
- Methods:
POST- Version Introduced:
- 12.1
Description
The update operation updates the Content-Security-Policy (CSP) response headers that are included when accessing different components of ArcGIS Notebook Server.
This operation supports setting CSP response headers for rest and admin. When set, this response header is applied to each HTML page in the Services Directory and Administrator Directory, respectively, and prevents the JavaScript used in XSS attacks from running. This allows organizations to protect themselves from XSS attacks while keeping the HTML view of their API directories enabled.
Request parameters
| Parameter | Details |
|---|---|
(Required) | A JSON object that specifies the Content-Security-Policy response headers being applied. This operation supports setting CSP response headers for |
| The response format. The default format is Values: |
Example usage
The following is a sample POST request for the update operation:
POST /arcgis/admin/security/config/updateContentSecurityPolicy HTTP/1.1
Host: notebookserver.example.com:11443
Content-Type: application/x-www-form-urlencoded
Content-Length: []
contentSecurityPolicy={"rest": "script-src 'self';", "admin": "script-src 'self';"}&f=pjsonJSON Response example
{"status": "success"}