REST API for Oracle Analytics Server

Get all safe domains

get

/api/20210901/system/safeDomains

Return a list of all safe domains configured for an Analytics instance.

Request

There are no request parameters for this operation.

There's no request body for this operation.

Response

Supported Media Types

application/json

200 Response

Successful operation.

Root Schema : schema

Type: array

Show Source

Array of: object SafeDomainListItem

Additional Properties Allowed: SafeDomain

Safe domain entry

{
    "type":"array",
    "items":{
        "$ref":"#/components/schemas/SafeDomainListItem"
    }
}

Nested Schema : SafeDomainListItem

Type: object

Additional Properties Allowed

Show Source

object SafeDomain

An object representing the properties of a safe domain.

{
    "description":"Safe domain entry",
    "type":"object",
    "additionalProperties":{
        "$ref":"#/components/schemas/SafeDomain"
    }
}

Safe domain entry

Nested Schema : SafeDomain

Type: object

An object representing the properties of a safe domain.

Show Source

connect-src(required): boolean

Restricts the URLs that can be loaded using script interfaces.
font-src(required): boolean

Specifies valid sources for fonts loaded using @font-face.
form-action(required): boolean

Restricts the URLs that can be used as the target of a form submissions from a given context.
frame-ancestors(required): boolean

Specifies valid parents that may embed a page using <frame>, <iframe>, <object>, or <embed>.
frame-src(required): boolean

Specifies valid sources for nested browsing contexts that load using elements such as <frame> and <iframe>.
img-src(required): boolean

Specifies valid sources for images and favicons.
media-src(required): boolean

Specifies valid sources for loading media using <audio>, <video>, and <track> elements.
script-src(required): boolean

Specifies valid sources for JavaScript and WebAssembly resources.
style-src(required): boolean

Specifies valid sources for stylesheets.

{
    "description":"An object representing the properties of a safe domain.",
    "type":"object",
    "properties":{
        "img-src":{
            "type":"boolean",
            "description":"Specifies valid sources for images and favicons."
        },
        "frame-src":{
            "type":"boolean",
            "description":"Specifies valid sources for nested browsing contexts that load using elements such as &lt;frame&gt; and &lt;iframe&gt;."
        },
        "script-src":{
            "type":"boolean",
            "description":"Specifies valid sources for JavaScript and WebAssembly resources."
        },
        "font-src":{
            "type":"boolean",
            "description":"Specifies valid sources for fonts loaded using @font-face."
        },
        "style-src":{
            "type":"boolean",
            "description":"Specifies valid sources for stylesheets."
        },
        "media-src":{
            "type":"boolean",
            "description":"Specifies valid sources for loading media using &lt;audio&gt;, &lt;video&gt;, and &lt;track&gt; elements."
        },
        "connect-src":{
            "type":"boolean",
            "description":"Restricts the URLs that can be loaded using script interfaces."
        },
        "frame-ancestors":{
            "type":"boolean",
            "description":"Specifies valid parents that may embed a page using &lt;frame&gt;, &lt;iframe&gt;, &lt;object&gt;, or &lt;embed&gt;."
        },
        "form-action":{
            "type":"boolean",
            "description":"Restricts the URLs that can be used as the target of a form submissions from a given context."
        }
    },
    "required":[
        "img-src",
        "frame-src",
        "script-src",
        "font-src",
        "style-src",
        "media-src",
        "connect-src",
        "frame-ancestors",
        "form-action"
    ],
    "additionalProperties":false
}

403 Response

Not authorized to view safe domains

Root Schema : 403Forbidden

Forbidden (missing permissions for operation, request denied for unspecified reason, and so on).

Examples

In this example, you get a list of all the safe domains configured for the Oracle Analytics instance and their Content Security Policy (CSP) settings.

cURL Example:

curl -i \
--header 'Authorization: Bearer <token>' \
--request GET 'https://<hostname>/api/20210901/system/safeDomains'

Example of Request Body

Not applicable.

Example of Request Header

Not applicable.

Example of Response Body

If successful, the response body contains an array of safe domains configured for the Oracle Analytics instance with the following structure:

[    
 {     
    "domain": {        
        "img-src": Boolean,        
        "frame-src": Boolean,        
        "script-src": Boolean,        
        "font-src": Boolean,        
        "style-src": Boolean,        
        "media-src": Boolean,        
        "connect-src": Boolean,        
        "frame-ancestors": Boolean,        
        "form-action": Boolean     
      }   
 }
]

For example:

Status 200:

[  
  {     
      "api.mapbox.com": {        
        "img-src": true,        
        "frame-src": true,        
        "script-src": true,        
        "font-src": true,        
        "style-src": true,        
        "media-src": true,        
        "connect-src": true,        
        "frame-ancestors": false,        
        "form-action": false     
       }  
   },  
   {     
      "*.dropboxapi.com": {        
        "img-src": true,        
        "frame-src": false,        
        "script-src": false,        
        "font-src": false,        
        "style-src": false,        
        "media-src": false,        
        "connect-src": true,        
        "frame-ancestors": false,        
        "form-action": false     
       }  
    },  
    {...    
    }
]