
Copyright © 2008-2024 Instructure, Inc. All rights reserved. Various trademarks held by their respective owners.


Content Security Policy Settings


Last updated 1 month ago


BETA: This API resource is not finalized, and there could be breaking changes before its final release.

API for enabling or disabling the use of Content Security Policy headers and configuring allowed domains.

Get current settings for account or course

CspSettingsController#get_csp_settings

BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.

GET /api/v1/courses/:course_id/csp_settings

Scope: url:GET|/api/v1/courses/:course_id/csp_settings

GET /api/v1/accounts/:account_id/csp_settings

Scope: url:GET|/api/v1/accounts/:account_id/csp_settings

Gets the current CSP settings for the account or course.

API response fields:

  • enabled: Whether CSP is enabled.
  • inherited: Whether the current CSP settings are inherited from a parent account.
  • settings_locked: Whether current CSP settings can be overridden by sub-accounts and courses.
  • effective_whitelist: If enabled, lists the currently allowed domains (includes domains automatically allowed through external tools).
  • tools_whitelist: (Account-only) Lists the automatically allowed domains with their respective external tools.
  • current_account_whitelist: (Account-only) Lists the current list of domains explicitly allowed by this account. (Note: this list will not take effect unless CSP is explicitly enabled on this account.)

Enable, disable, or clear explicit CSP setting

CspSettingsController#set_csp_setting

BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.

PUT /api/v1/courses/:course_id/csp_settings

Scope: url:PUT|/api/v1/courses/:course_id/csp_settings

PUT /api/v1/accounts/:account_id/csp_settings

Scope: url:PUT|/api/v1/accounts/:account_id/csp_settings

Either explicitly sets CSP to be on or off for courses and sub-accounts, or clears the explicit settings to default to those set by a parent account.

Note: If “inherited” and “settings_locked” are both true for this account or course, then the CSP setting cannot be modified.

Request Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status | Required string | If set to “enabled” for an account, CSP will be enabled for all its courses and sub-accounts (that have not explicitly enabled or disabled it), using the allowed domains set on this account. If set to “disabled”, CSP will be disabled for this account or course and for all sub-accounts that have not explicitly re-enabled it. If set to “inherited”, this account or course will reset to the default state where CSP settings are inherited from the first parent account to have them explicitly set. Allowed values: enabled, disabled, inherited |
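A small model of the inheritance rules described above, added here as an illustration and not taken from Canvas. `Node`, `resolve` and `can_modify` are hypothetical names, the hierarchy is constructed, and treating a chain with no explicit setting as disabled is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    """An account or course in a constructed hierarchy (not a Canvas model)."""
    name: str
    parent: Optional["Node"] = None
    status: str = "inherited"        # "enabled" | "disabled" | "inherited"
    settings_locked: bool = False    # only meaningful with an explicit status
    allowed_domains: list = field(default_factory=list)


def resolve(node: Node) -> dict:
    """Walk up to the first node whose status is explicitly set."""
    source = node
    while source is not None and source.status == "inherited":
        source = source.parent
    if source is None:
        # Assumption: nothing explicit anywhere in the chain means CSP is off.
        return {"enabled": False, "inherited": True, "settings_locked": False,
                "source": None, "domains": []}
    enabled = source.status == "enabled"
    return {
        "enabled": enabled,
        "inherited": source is not node,
        "settings_locked": source.settings_locked,
        "source": source.name,
        # Only the explicit source's list applies; lists stored on
        # inheriting accounts in between have no effect.
        "domains": sorted(source.allowed_domains) if enabled else [],
    }


def can_modify(node: Node) -> bool:
    """Documented rule: inherited and settings_locked both true blocks the PUT."""
    r = resolve(node)
    return not (r["inherited"] and r["settings_locked"])


# Constructed hierarchy: root account -> sub-account -> course
root = Node("root", status="enabled", settings_locked=True,
            allowed_domains=["cdn.example.edu"])
sub = Node("sub", parent=root, allowed_domains=["unused.example.org"])
course = Node("course", parent=sub)
```

With this hierarchy the course resolves to the root account's setting and list, and `can_modify(course)` is false until the root is unlocked.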

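Lock or unlock current CSP settings for sub-accounts and courses

CspSettingsController#set_csp_lock

BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.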

PUT /api/v1/accounts/:account_id/csp_settings/lock

Scope: url:PUT|/api/v1/accounts/:account_id/csp_settings/lock

Can only be set if CSP is explicitly enabled or disabled on this account (i.e. “inherited” is false).

Request Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| settings_locked | Required boolean | Whether sub-accounts and courses will be prevented from overriding settings inherited from this account. |

Add an allowed domain to account

CspSettingsController#add_domain

BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.

POST /api/v1/accounts/:account_id/csp_settings/domains

Scope: url:POST|/api/v1/accounts/:account_id/csp_settings/domains

Adds an allowed domain for the current account. Note: this will not take effect unless CSP is explicitly enabled on this account.

Request Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| domain | Required string | no description |

Add multiple allowed domains to an account

CspSettingsController#add_multiple_domains

BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.

POST /api/v1/accounts/:account_id/csp_settings/domains/batch_create

Scope: url:POST|/api/v1/accounts/:account_id/csp_settings/domains/batch_create

Adds multiple allowed domains for the current account. Note: this will not take effect unless CSP is explicitly enabled on this account.

Request Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| domains | Required Array | no description |

Remove a domain from account

CspSettingsController#remove_domain

BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.

DELETE /api/v1/accounts/:account_id/csp_settings/domains

Scope: url:DELETE|/api/v1/accounts/:account_id/csp_settings/domains

Removes an allowed domain from the current account.

Request Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| domain | Required string | no description |
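An added example (not Canvas or Instructure code) that turns a parsed GET response into the ordered list of documented calls for enabling CSP on an account, so the allowlist is filled in before enforcement starts and the lock is requested last. `plan_csp_rollout`, the sample response and the entry validation are assumptions of this example; it only builds the calls and sends nothing.

```python
def plan_csp_rollout(account_id, settings, wanted_domains, lock=False):
    """Order the documented calls so the allowlist is complete before CSP
    is enforced. `settings` is the parsed GET .../csp_settings body."""
    if settings["inherited"] and settings["settings_locked"]:
        raise PermissionError("CSP is inherited and locked by a parent account")

    wanted = {d.strip() for d in wanted_domains}
    for d in wanted:
        # Client-side hygiene chosen for this example, not a Canvas rule:
        # bare hostnames only, and never a catch-all entry.
        if not d or d == "*" or "/" in d or ":" in d or " " in d:
            raise ValueError(f"refusing allowlist entry {d!r}")

    base = f"/api/v1/accounts/{account_id}/csp_settings"
    current = set(settings.get("current_account_whitelist", []))
    missing, stale = sorted(wanted - current), sorted(current - wanted)
    calls = []

    # 1. Add domains first: the account list is inert until CSP is explicitly
    #    enabled here, so nothing is enforced while it is being filled in.
    if len(missing) == 1:
        calls.append(("POST", f"{base}/domains", {"domain": missing[0]}))
    elif missing:
        calls.append(("POST", f"{base}/domains/batch_create", {"domains": missing}))
    # 2. Drop entries nobody asked for; each one widens the policy.
    for d in stale:
        calls.append(("DELETE", f"{base}/domains", {"domain": d}))
    # 3. Make the setting explicit. An account that is only enabled by
    #    inheritance uses the parent's domains, not its own list.
    if settings["inherited"] or not settings["enabled"]:
        calls.append(("PUT", base, {"status": "enabled"}))
    # 4. The lock is only accepted once the status is explicit, so it goes last.
    if lock and not settings["settings_locked"]:
        calls.append(("PUT", f"{base}/lock", {"settings_locked": True}))
    return calls


# Constructed GET response: an account inheriting an unlocked, disabled state.
SAMPLE = {"enabled": False, "inherited": True, "settings_locked": False,
          "current_account_whitelist": ["old-widget.example.net"]}
```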


This documentation is generated directly from the Canvas LMS source code, available on GitHub.