CSP origins

CSP origins allows you to configure domains, or origins, that Qlik Sense client visualizations/extensions are allowed to communicate with.

Endpoints

GET /csp-origins
POST /csp-origins
GET /csp-origins/{id}
PUT /csp-origins/{id}
DELETE /csp-origins/{id}
GET /csp-origins/actions/generate-header

Retrieves all CSP entries for a tenant

Query Parameters GET /csp-origins

sort
string

Field to sort by, prefix with -/+ to indicate order.

Enum:

name

-name

origin

-origin

createdDate

-createdDate

modifiedDate

-modifiedDate

limit
default=20, minimum=1, maximum=100
number

Maximum number of CSP-Origins to retrieve.

next
string

Cursor to the next page.

prev
string

Cursor to the previous page.

name
string

Filter resources by name (wildcard and case insensitive).

origin
string

Filter resources by origin (wildcard and case insensitive).

childSrc
boolean

Filter resources by directive 'childSrc', true/false.

connectSrc
boolean

Filter resources by directive 'connectSrc', true/false.

connectSrcWSS
boolean

Filter resources by directive 'connectSrcWSS', true/false.

fontSrc
boolean

Filter resources by directive 'fontSrc', true/false.

formAction
boolean

Filter resources by directive 'formAction', true/false.

frameAncestors
boolean

Filter resources by directive 'frameAncestors', true/false.

frameSrc
boolean

Filter resources by directive 'frameSrc', true/false.

imgSrc
boolean

Filter resources by directive 'imgSrc', true/false.

mediaSrc
boolean

Filter resources by directive 'mediaSrc', true/false.

objectSrc
boolean

Filter resources by directive 'objectSrc', true/false.

scriptSrc
boolean

Filter resources by directive 'scriptSrc', true/false.

styleSrc
boolean

Filter resources by directive 'styleSrc', true/false.

workerSrc
boolean

Filter resources by directive 'workerSrc', true/false.

Responses GET /csp-origins

200
application/json

OK Response

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

500
application/json

Internal Server Error

503
application/json

Service Unavailable

GET /csp-origins

curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins" \
 -H "Authorization: Bearer <API-key>"

Response GET /csp-origins

{
  "data": [
    {
      "id": "string",
      "origin": "string",
      "name": "string",
      "description": "string",
      "childSrc": true,
      "connectSrc": true,
      "connectSrcWSS": true,
      "fontSrc": true,
      "formAction": true,
      "frameAncestors": true,
      "frameSrc": true,
      "imgSrc": true,
      "mediaSrc": true,
      "objectSrc": true,
      "scriptSrc": true,
      "styleSrc": true,
      "workerSrc": true,
      "createdDate": "2022-05-18T10:58:20.336Z",
      "modifiedDate": "2022-05-18T10:58:20.336Z"
    }
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "self": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    }
  }
}
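
An added example (not part of the Qlik documentation): a review script that takes the JSON body returned by GET /csp-origins and flags entries worth a second look before they widen the tenant's policy. Only the field names come from the response schema above; the choice of findings, the `_entry` helper and the sample response are constructed for illustration.

```python
ALL_DIRECTIVES = ("childSrc", "connectSrc", "connectSrcWSS", "fontSrc", "formAction",
                  "frameAncestors", "frameSrc", "imgSrc", "mediaSrc", "objectSrc",
                  "scriptSrc", "styleSrc", "workerSrc")
# Review policy assumed for this example: active content, framing and form posts.
SENSITIVE = {"scriptSrc", "objectSrc", "workerSrc", "childSrc", "frameAncestors", "formAction"}

def audit_entry(entry):
    """Return a list of findings for one CSPEntry object."""
    origin = (entry.get("origin") or "").strip().lower()
    enabled = [d for d in ALL_DIRECTIVES if entry.get(d) is True]
    risky = [d for d in enabled if d in SENSITIVE]
    findings = []
    if "*" in origin and risky:
        findings.append("wildcard origin with " + ",".join(risky))
    if origin.startswith(("http://", "ws://")):
        findings.append("cleartext scheme")
    if len(enabled) == len(ALL_DIRECTIVES):
        findings.append("every directive enabled")
    if not (entry.get("description") or "").strip():
        findings.append("no description")
    return findings

def audit(response):
    """Map entry id -> findings, skipping entries with nothing to report."""
    report = {}
    for entry in response.get("data", []):
        findings = audit_entry(entry)
        if findings:
            report[entry.get("id", "<no id>")] = findings
    return report

def _entry(entry_id, origin, description, *enabled):
    entry = dict.fromkeys(ALL_DIRECTIVES, False)
    entry.update(id=entry_id, origin=origin, name=entry_id, description=description)
    entry.update(dict.fromkeys(enabled, True))
    return entry

# Constructed sample response; none of these origins come from the page.
SAMPLE_RESPONSE = {"data": [
    _entry("a1", "fonts.example.com", "Web fonts for dashboards", "fontSrc", "styleSrc"),
    _entry("b2", "*.cdn.example.net", "", "scriptSrc", "imgSrc"),
    _entry("c3", "http://legacy.example.org", "Legacy image host", "imgSrc"),
    _entry("d4", "partner.example.com", "Partner portal", *ALL_DIRECTIVES),
]}

if __name__ == "__main__":
    for entry_id, findings in audit(SAMPLE_RESPONSE).items():
        print(entry_id, "->", "; ".join(findings))
```

When running it against a real tenant, follow `links.next.href` until it is absent so that entries beyond the first page (20 by default) are audited too.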

Creates a new CSP entry

Request Body POST /csp-origins

application/json

No description

Responses POST /csp-origins

201
application/json

OK Response

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

500
application/json

Internal Server Error

503
application/json

Service Unavailable

POST /csp-origins

curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins" \
 -X POST \
 -H "Authorization: Bearer <API-key>" \
 -H "Content-type: application/json" \
 -d '{"origin":"string","name":"string","description":"string","childSrc":true,"connectSrc":true,"connectSrcWSS":true,"fontSrc":true,"formAction":true,"frameAncestors":true,"frameSrc":true,"imgSrc":true,"mediaSrc":true,"objectSrc":true,"scriptSrc":true,"styleSrc":true,"workerSrc":true,"createdDate":"2022-05-18T10:58:20.336Z","modifiedDate":"2022-05-18T10:58:20.336Z"}'

Request POST /csp-origins

{
  "origin": "string",
  "name": "string",
  "description": "string",
  "childSrc": true,
  "connectSrc": true,
  "connectSrcWSS": true,
  "fontSrc": true,
  "formAction": true,
  "frameAncestors": true,
  "frameSrc": true,
  "imgSrc": true,
  "mediaSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "styleSrc": true,
  "workerSrc": true,
  "createdDate": "2022-05-18T10:58:20.336Z",
  "modifiedDate": "2022-05-18T10:58:20.336Z"
}

Response POST /csp-origins

{
  "id": "string",
  "origin": "string",
  "name": "string",
  "description": "string",
  "childSrc": true,
  "connectSrc": true,
  "connectSrcWSS": true,
  "fontSrc": true,
  "formAction": true,
  "frameAncestors": true,
  "frameSrc": true,
  "imgSrc": true,
  "mediaSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "styleSrc": true,
  "workerSrc": true,
  "createdDate": "2022-05-18T10:58:20.336Z",
  "modifiedDate": "2022-05-18T10:58:20.336Z"
}

Returns details for a specific CSP entry

Path Parameters GET /csp-origins/{id}

id
string

The CSP entry's unique identifier.

Responses GET /csp-origins/{id}

200
application/json

OK Response

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

404
application/json

Not found

500
application/json

Internal Server Error

503
application/json

Service Unavailable

GET /csp-origins/{id}

curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
 -H "Authorization: Bearer <API-key>"

Response GET /csp-origins/{id}

{
  "id": "string",
  "origin": "string",
  "name": "string",
  "description": "string",
  "childSrc": true,
  "connectSrc": true,
  "connectSrcWSS": true,
  "fontSrc": true,
  "formAction": true,
  "frameAncestors": true,
  "frameSrc": true,
  "imgSrc": true,
  "mediaSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "styleSrc": true,
  "workerSrc": true,
  "createdDate": "2022-05-18T10:58:20.336Z",
  "modifiedDate": "2022-05-18T10:58:20.336Z"
}

Updates a CSP entry

Path Parameters PUT /csp-origins/{id}

id
string

The CSP entry's unique identifier.

Request Body PUT /csp-origins/{id}

application/json

No description

Responses PUT /csp-origins/{id}

200
application/json

OK Response

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

404
application/json

Not found

500
application/json

Internal Server Error

503
application/json

Service Unavailable

PUT /csp-origins/{id}

curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
 -X PUT \
 -H "Authorization: Bearer <API-key>" \
 -H "Content-type: application/json" \
 -d '{"origin":"string","name":"string","description":"string","childSrc":true,"connectSrc":true,"connectSrcWSS":true,"fontSrc":true,"formAction":true,"frameAncestors":true,"frameSrc":true,"imgSrc":true,"mediaSrc":true,"objectSrc":true,"scriptSrc":true,"styleSrc":true,"workerSrc":true,"createdDate":"2022-05-18T10:58:20.337Z","modifiedDate":"2022-05-18T10:58:20.337Z"}'

Request PUT /csp-origins/{id}

{
  "origin": "string",
  "name": "string",
  "description": "string",
  "childSrc": true,
  "connectSrc": true,
  "connectSrcWSS": true,
  "fontSrc": true,
  "formAction": true,
  "frameAncestors": true,
  "frameSrc": true,
  "imgSrc": true,
  "mediaSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "styleSrc": true,
  "workerSrc": true,
  "createdDate": "2022-05-18T10:58:20.337Z",
  "modifiedDate": "2022-05-18T10:58:20.337Z"
}

Response PUT /csp-origins/{id}

{
  "id": "string",
  "origin": "string",
  "name": "string",
  "description": "string",
  "childSrc": true,
  "connectSrc": true,
  "connectSrcWSS": true,
  "fontSrc": true,
  "formAction": true,
  "frameAncestors": true,
  "frameSrc": true,
  "imgSrc": true,
  "mediaSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "styleSrc": true,
  "workerSrc": true,
  "createdDate": "2022-05-18T10:58:20.337Z",
  "modifiedDate": "2022-05-18T10:58:20.337Z"
}

Deletes a specific CSP entry

Path Parameters DELETE /csp-origins/{id}

id
string

The CSP entry's unique identifier.

Responses DELETE /csp-origins/{id}

204
object

No Content response.

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

404
application/json

Not found

500
application/json

Internal Server Error

503
application/json

Service Unavailable

DELETE /csp-origins/{id}

curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
 -X DELETE \
 -H "Authorization: Bearer <API-key>"

Retrieves the CSP header for a tenant

Responses GET /csp-origins/actions/generate-header

200
text/plain
string

OK Response

401
application/json

Unauthorized

406
application/json

Not Acceptable

500
application/json

Internal Server Error

503
application/json

Service Unavailable

GET /csp-origins/actions/generate-header

curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/actions/generate-header" \
 -H "Authorization: Bearer <API-key>"
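
An added check (not part of the Qlik documentation): after creating or updating entries, compare the header value returned by generate-header with the entries that should feed it. The field-to-directive mapping and the expectation that each origin appears verbatim as a source are assumptions of this example; the sample entries and header are constructed.

```python
# Assumed mapping from the API's boolean fields to standard CSP directive names.
FIELD_TO_DIRECTIVE = {
    "childSrc": "child-src", "connectSrc": "connect-src", "connectSrcWSS": "connect-src",
    "fontSrc": "font-src", "formAction": "form-action", "frameAncestors": "frame-ancestors",
    "frameSrc": "frame-src", "imgSrc": "img-src", "mediaSrc": "media-src",
    "objectSrc": "object-src", "scriptSrc": "script-src", "styleSrc": "style-src",
    "workerSrc": "worker-src",
}

def parse_csp(header):
    """Parse a Content-Security-Policy value into {directive: set of sources}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.lower().split()  # lower-cased for comparison only
        if tokens:
            # A repeated directive is ignored after its first occurrence.
            policy.setdefault(tokens[0], set(tokens[1:]))
    return policy

def expected_pairs(entries):
    """Return the (directive, source) pairs that the enabled flags call for."""
    pairs = set()
    for entry in entries:
        origin = entry["origin"].strip().lower()
        for field, directive in FIELD_TO_DIRECTIVE.items():
            if entry.get(field) is True:
                # connectSrcWSS sources carry a wss:// prefix, as the schema states.
                source = "wss://" + origin if field == "connectSrcWSS" else origin
                pairs.add((directive, source))
    return pairs

def missing_from_header(entries, header):
    """List enabled (directive, source) pairs that the header does not contain."""
    policy = parse_csp(header)
    return sorted(p for p in expected_pairs(entries) if p[1] not in policy.get(p[0], set()))

# Constructed inputs: three entries and a header that omits one of them.
ENTRIES = [
    {"origin": "maps.example.com", "imgSrc": True, "connectSrc": True, "scriptSrc": False},
    {"origin": "Stream.example.com", "connectSrcWSS": True},
    {"origin": "widgets.example.net", "scriptSrc": True},
]
HEADER = ("default-src 'self'; img-src 'self' data: maps.example.com; "
          "connect-src 'self' maps.example.com wss://stream.example.com; script-src 'self'")

if __name__ == "__main__":
    for directive, source in missing_from_header(ENTRIES, HEADER):
        print(f"{directive}: {source} is enabled in an entry but absent from the header")
```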

ErrorResponse

object

Properties

errors

No description

Error

object

Properties

code
string

The unique code for the error.

title
string

A summary of what went wrong.

detail
optional
string

May be used to provide additional details.

CSPHeader

object

Properties

Content-Security-Policy
string

The compiled CSP header.

CSPEntryList

object

Properties

data

No description

links

No description

CSPEntry

object

Properties

id
string

The CSP entry's unique identifier.

origin
string

The origin that the CSP directives should be applied to.

name
string

The name for this entry.

description
string

The reason for adding this origin to the Content Security Policy.

childSrc
boolean

Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

connectSrc
boolean

Restricts the URLs that can be loaded using script interfaces.

connectSrcWSS
boolean

Restricts the URLs that WebSocket connections can be made to (all sources will be prefixed with 'wss://').

fontSrc
boolean

Specifies valid sources for loading fonts.

formAction
boolean

Allows forms to be submitted to the origin.

frameAncestors
boolean

Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

frameSrc
boolean

Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

imgSrc
boolean

Specifies valid sources of images and favicons.

mediaSrc
boolean

Specifies valid sources for loading media using the audio and video elements.

objectSrc
boolean

Specifies valid sources for the object, embed, and applet elements.

scriptSrc
boolean

Specifies valid sources for JavaScript.

styleSrc
boolean

Specifies valid sources for stylesheets.

workerSrc
boolean

Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

createdDate
string<date-time>

The UTC timestamp when the CSP entry was created.

modifiedDate
string<date-time>

The UTC timestamp when the CSP entry was last modified.

CSPEntryContent

object

Properties

origin
string

The origin that the CSP directives should be applied to.

name
optional
string

The name for this entry.

description
optional
string

The reason for adding this origin to the Content Security Policy.

childSrc
optional
boolean

Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iFrame.

connectSrc
optional
boolean

Restricts the URLs that can be loaded using script interfaces.

connectSrcWSS
optional
boolean

Restricts the URLs that WebSocket connections can be made to (all sources will be prefixed with 'wss://').

fontSrc
optional
boolean

Specifies valid sources for loading fonts.

formAction
optional
boolean

Allows forms to be submitted to the origin.

frameAncestors
optional
boolean

Specifies valid sources for embedding the resource using frame, iFrame, object, embed and applet.

frameSrc
optional
boolean

Specifies valid sources for loading nested browsing contexts using elements such as frame and iFrame.

imgSrc
optional
boolean

Specifies valid sources of images and favicons.

mediaSrc
optional
boolean

Specifies valid sources for loading media using the audio and video elements.

objectSrc
optional
boolean

Specifies valid sources for the object, embed, and applet elements.

scriptSrc
optional
boolean

Specifies valid sources for JavaScript.

styleSrc
optional
boolean

Specifies valid sources for stylesheets.

workerSrc
optional
boolean

Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

createdDate
optional
string<date-time>

The UTC timestamp when the CSP entry was created.

modifiedDate
optional
string<date-time>

The UTC timestamp when the CSP entry was last modified.

v1.7.2