Content Security Policy Settings
BETA: This API resource is not finalized, and there could be breaking changes before its final release.
API for enabling/disabling the use of Content Security Policy headers and configuring allowed domains
CspSettingsController#get_csp_settings
BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.
GET /api/v1/courses/:course_id/csp_settings
GET /api/v1/courses/:course_id/csp_settingsScope: url:GET|/api/v1/courses/:course_id/csp_settings
GET /api/v1/accounts/:account_id/csp_settings
GET /api/v1/accounts/:account_id/csp_settingsScope: url:GET|/api/v1/accounts/:account_id/csp_settings
Update multiple modules in an account.
API response field:
enabled
Whether CSP is enabled.
inherited
Whether the current CSP settings are inherited from a parent account.
settings_locked
Whether current CSP settings can be overridden by sub-accounts and courses.
effective_whitelist
If enabled, lists the currently allowed domains (includes domains automatically allowed through external tools).
tools_whitelist
(Account-only) Lists the automatically allowed domains with their respective external tools
current_account_whitelist
(Account-only) Lists the current list of domains explicitly allowed by this account. (Note: this list will not take effect unless CSP is explicitly enabled on this account)
CspSettingsController#set_csp_setting
BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.
PUT /api/v1/courses/:course_id/csp_settings
PUT /api/v1/courses/:course_id/csp_settingsScope: url:PUT|/api/v1/courses/:course_id/csp_settings
PUT /api/v1/accounts/:account_id/csp_settings
PUT /api/v1/accounts/:account_id/csp_settingsScope: url:PUT|/api/v1/accounts/:account_id/csp_settings
Either explicitly sets CSP to be on or off for courses and sub-accounts, or clear the explicit settings to default to those set by a parent account
Note: If “inherited” and “settings_locked” are both true for this account or course, then the CSP setting cannot be modified.
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| Required | If set to “enabled” for an account, CSP will be enabled for all its courses and sub-accounts (that have not explicitly enabled or disabled it), using the allowed domains set on this account. If set to “disabled”, CSP will be disabled for this account or course and for all sub-accounts that have not explicitly re-enabled it. If set to “inherited”, this account or course will reset to the default state where CSP settings are inherited from the first parent account to have them explicitly set. Allowed values: |
CspSettingsController#set_csp_lock
BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.
PUT /api/v1/accounts/:account_id/csp_settings/lock
PUT /api/v1/accounts/:account_id/csp_settings/lockScope: url:PUT|/api/v1/accounts/:account_id/csp_settings/lock
Can only be set if CSP is explicitly enabled or disabled on this account (i.e. “inherited” is false).
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| Required | Whether sub-accounts and courses will be prevented from overriding settings inherited from this account. |
CspSettingsController#add_domain
BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.
POST /api/v1/accounts/:account_id/csp_settings/domains
POST /api/v1/accounts/:account_id/csp_settings/domainsScope: url:POST|/api/v1/accounts/:account_id/csp_settings/domains
Adds an allowed domain for the current account. Note: this will not take effect unless CSP is explicitly enabled on this account.
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| Required | no description |
CspSettingsController#add_multiple_domains
BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.
POST /api/v1/accounts/:account_id/csp_settings/domains/batch_create
POST /api/v1/accounts/:account_id/csp_settings/domains/batch_createScope: url:POST|/api/v1/accounts/:account_id/csp_settings/domains/batch_create
Adds multiple allowed domains for the current account. Note: this will not take effect unless CSP is explicitly enabled on this account.
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| Required | no description |
CspSettingsController#remove_domain
BETA: This API endpoint is not finalized, and there could be breaking changes before its final release.
DELETE /api/v1/accounts/:account_id/csp_settings/domains
DELETE /api/v1/accounts/:account_id/csp_settings/domainsScope: url:DELETE|/api/v1/accounts/:account_id/csp_settings/domains
Removes an allowed domain from the current account.
Request Parameters:
| Parameter | Type | Description |
|---|---|---|
| Required | no description |
© Instructure, Inc. Generated on Wed Nov 6 14:20:05 2024 This documentation is generated directly from the Canvas LMS source code, available on Github.
Last updated