CSP origins

CSP origins allows you to configure domains, or origins, that Qlik Sense client visualizations/extensions are allowed to communicate with.

Query Parameters

sort
string

Field to sort by, prefix with -/+ to indicate order

Enum:

name

-name

origin

-origin

createdDate

-createdDate

modifiedDate

-modifiedDate

limit
default=20, minimum=1, maximum=100
number

Maximum number of CSP-Origins to retrieve

next
string

Cursor to the next page

prev
string

Cursor to previous next page

name
string

Filter resources by name (wildcard and case insensitive)

origin
string

Filter resources by origin (wildcard and case insensitive)

childSrc
boolean

Filter resources by directive 'childSrc' true/false

connectSrc
boolean

Filter resources by directive 'connectSrc' true/false

connectSrcWSS
boolean

Filter resources by directive 'connectSrcWSS ' true/false

fontSrc
boolean

Filter resources by directive 'fontSrc' true/false

formAction
boolean

Filter resources by directive 'formAction' true/false

frameAncestors
boolean

Filter resources by directive 'frameAncestors' true/false

frameSrc
boolean

Filter resources by directive 'frameSrc' true/false

imgSrc
boolean

Filter resources by directive 'imgSrc' true/false

mediaSrc
boolean

Filter resources by directive 'mediaSrc' true/false

objectSrc
boolean

Filter resources by directive 'objectSrc' true/false

scriptSrc
boolean

Filter resources by directive 'scriptSrc' true/false

styleSrc
boolean

Filter resources by directive 'styleSrc' true/false

workerSrc
boolean

Filter resources by directive 'workerSrc' true/false

Responses

200
application/json

OK Response

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

500
application/json

Internal Server Error

503
application/json

Service Unavailable

GET
/csp-origins
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins" \
 -H "Authorization: Bearer <API-key>"

Response

{
  "data": [
    {
      "id": "string"
    }
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "self": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    }
  }
}

Request Body

application/json

No description

Responses

201
application/json

OK Response

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

500
application/json

Internal Server Error

503
application/json

Service Unavailable

POST
/csp-origins
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins" \
 -X POST \
 -H "Authorization: Bearer <API-key>" \
 -H "Content-type: application/json" \
 -d '{"origin":"string","name":"string","description":"string","childSrc":true,"connectSrc":true,"connectSrcWSS":true,"fontSrc":true,"formAction":true,"frameAncestors":true,"frameSrc":true,"imgSrc":true,"mediaSrc":true,"objectSrc":true,"scriptSrc":true,"styleSrc":true,"workerSrc":true,"createdDate":"2020-11-24T21:41:48.304Z","modifiedDate":"2020-11-24T21:41:48.304Z"}'

Request

{
  "origin": "string",
  "name": "string",
  "description": "string",
  "childSrc": true,
  "connectSrc": true,
  "connectSrcWSS": true,
  "fontSrc": true,
  "formAction": true,
  "frameAncestors": true,
  "frameSrc": true,
  "imgSrc": true,
  "mediaSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "styleSrc": true,
  "workerSrc": true,
  "createdDate": "2020-11-24T21:41:48.304Z",
  "modifiedDate": "2020-11-24T21:41:48.304Z"
}

Response

{
  "id": "string"
}

Path Parameters

id
string

The CSP entry's unique identifier.

Responses

200
application/json

OK Response

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

404
application/json

Not found

500
application/json

Internal Server Error

503
application/json

Service Unavailable

GET
/csp-origins/{id}
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
 -H "Authorization: Bearer <API-key>"

Response

{
  "id": "string"
}

Path Parameters

id
string

The CSP entry's unique identifier.

Request Body

application/json

No description

Responses

200
application/json

OK Response

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

404
application/json

Not found

500
application/json

Internal Server Error

503
application/json

Service Unavailable

PUT
/csp-origins/{id}
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
 -X PUT \
 -H "Authorization: Bearer <API-key>" \
 -H "Content-type: application/json" \
 -d '{"origin":"string","name":"string","description":"string","childSrc":true,"connectSrc":true,"connectSrcWSS":true,"fontSrc":true,"formAction":true,"frameAncestors":true,"frameSrc":true,"imgSrc":true,"mediaSrc":true,"objectSrc":true,"scriptSrc":true,"styleSrc":true,"workerSrc":true,"createdDate":"2020-11-24T21:41:48.304Z","modifiedDate":"2020-11-24T21:41:48.304Z"}'

Request

{
  "origin": "string",
  "name": "string",
  "description": "string",
  "childSrc": true,
  "connectSrc": true,
  "connectSrcWSS": true,
  "fontSrc": true,
  "formAction": true,
  "frameAncestors": true,
  "frameSrc": true,
  "imgSrc": true,
  "mediaSrc": true,
  "objectSrc": true,
  "scriptSrc": true,
  "styleSrc": true,
  "workerSrc": true,
  "createdDate": "2020-11-24T21:41:48.304Z",
  "modifiedDate": "2020-11-24T21:41:48.304Z"
}

Response

{
  "id": "string"
}

Path Parameters

id
string

The CSP entry's unique identifier.

Responses

204
object

No Content response.

400
application/json

Bad Request

401
application/json

Unauthorized

403
application/json

Forbidden

404
application/json

Not found

500
application/json

Internal Server Error

503
application/json

Service Unavailable

DELETE
/csp-origins/{id}
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/{id}" \
 -X DELETE \
 -H "Authorization: Bearer <API-key>"

Responses

200
text/plain
string

OK Response

401
application/json

Unauthorized

406
application/json

Not Acceptable

500
application/json

Internal Server Error

503
application/json

Service Unavailable

GET
/csp-origins/actions/generate-header
curl "https://your-tenant.us.qlikcloud.com/api/v1/csp-origins/actions/generate-header" \
 -H "Authorization: Bearer <API-key>"

Properties

errors

No description

Error

object

Properties

code
string

The unique code for the error

title
string

A summary of what went wrong

detail
optional
string

May be used to provide additional details

CSPHeader

object

Properties

Content-Security-Policy
string

The compiled CSP header

Properties

data

No description

links

No description

CSPEntry

object

Properties

id
string

The CSP entry's unique identifier

Properties

origin
string

The origin that the CSP directives should be applied to

name
optional
string

The name for this entry

description
optional
string

The reason for adding this origin to the Content Security Policy

childSrc
optional
boolean

Defines the valid sources for loading web workers and nested browsing contexts using elements such as frame and iframe

connectSrc
optional
boolean

Restricts the URLs that can be loaded using script interfaces

connectSrcWSS
optional
boolean

Restricts the URLs that can be connected to websockets (all sources will be prefixed with 'wss://')

fontSrc
optional
boolean

Specifies valid sources for loading fonts

formAction
optional
boolean

Allow forms to be submitted to the origin

frameAncestors
optional
boolean

Specifies valid sources for embedding the resource using frame, iframe, object, embed and applet

frameSrc
optional
boolean

Specifies valid sources for loading nested browsing contexts using elements such as frame and iframe

imgSrc
optional
boolean

Specifies valid sources of images and favicons

mediaSrc
optional
boolean

Specifies valid sources for loading media using the audio and video elements

objectSrc
optional
boolean

Specifies valid sources for the object, embed, and applet elements

scriptSrc
optional
boolean

Specifies valid sources for JavaScript

styleSrc
optional
boolean

Specifies valid sources for stylesheets

workerSrc
optional
boolean

Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts

createdDate
optional
string<date-time>

The UTC timestamp when the CSP entry was created

modifiedDate
optional
string<date-time>

The UTC timestamp when the CSP entry was last modified

v1.7.1