REST API for Oracle Analytics Server

Create or update a safe domain

put

/api/20210901/system/safeDomains/{urlBase64DomainId}

Create or update a safe domain for an Analytics instance.

Request

Path Parameters

urlBase64DomainId(required): string

Safe domain value with Base64URL encoding. For example, if you want to create or update the safe domain my.safe-domain.com, enter the Base64URL encoded value 'bXkuc2FmZS1kb21haW4uY29t'.

Supported Media Types

application/json

Root Schema : schema

Type: object

An object representing the properties of a safe domain.

Show Source

connect-src(required): boolean

Restricts the URLs that can be loaded using script interfaces.
font-src(required): boolean

Specifies valid sources for fonts loaded using @font-face.
form-action(required): boolean

Restricts the URLs that can be used as the target of a form submissions from a given context.
frame-ancestors(required): boolean

Specifies valid parents that may embed a page using <frame>, <iframe>, <object>, or <embed>.
frame-src(required): boolean

Specifies valid sources for nested browsing contexts that load using elements such as <frame> and <iframe>.
img-src(required): boolean

Specifies valid sources for images and favicons.
media-src(required): boolean

Specifies valid sources for loading media using <audio>, <video>, and <track> elements.
script-src(required): boolean

Specifies valid sources for JavaScript and WebAssembly resources.
style-src(required): boolean

Specifies valid sources for stylesheets.

{
    "description":"An object representing the properties of a safe domain.",
    "type":"object",
    "properties":{
        "img-src":{
            "type":"boolean",
            "description":"Specifies valid sources for images and favicons."
        },
        "frame-src":{
            "type":"boolean",
            "description":"Specifies valid sources for nested browsing contexts that load using elements such as &lt;frame&gt; and &lt;iframe&gt;."
        },
        "script-src":{
            "type":"boolean",
            "description":"Specifies valid sources for JavaScript and WebAssembly resources."
        },
        "font-src":{
            "type":"boolean",
            "description":"Specifies valid sources for fonts loaded using @font-face."
        },
        "style-src":{
            "type":"boolean",
            "description":"Specifies valid sources for stylesheets."
        },
        "media-src":{
            "type":"boolean",
            "description":"Specifies valid sources for loading media using &lt;audio&gt;, &lt;video&gt;, and &lt;track&gt; elements."
        },
        "connect-src":{
            "type":"boolean",
            "description":"Restricts the URLs that can be loaded using script interfaces."
        },
        "frame-ancestors":{
            "type":"boolean",
            "description":"Specifies valid parents that may embed a page using &lt;frame&gt;, &lt;iframe&gt;, &lt;object&gt;, or &lt;embed&gt;."
        },
        "form-action":{
            "type":"boolean",
            "description":"Restricts the URLs that can be used as the target of a form submissions from a given context."
        }
    },
    "required":[
        "img-src",
        "frame-src",
        "script-src",
        "font-src",
        "style-src",
        "media-src",
        "connect-src",
        "frame-ancestors",
        "form-action"
    ],
    "additionalProperties":false
}

Response

Supported Media Types

application/json

200 Response

Updated an existing safe domain.

201 Response

Created a safe domain.

400 Response

Bad request (validation failed).

Root Schema : 400BadRequest

Bad Request (invalid query parameters, malformed headers, and so on).

403 Response

Not authorized to create or update safe domains.

Root Schema : 403Forbidden

Forbidden (missing permissions for operation, request denied for unspecified reason, and so on).

Examples

In this example, you register the safe domain my.safe-domain.com with the Oracle Analytics instance. The Base64URL encoded value for my.safe-domain.com is: bXkuc2FmZS1kb21haW4uY29t

You specify a Content Security Policy (CSP) for the domain that allows authorized users to access images and scripts from the domain (img-src = true and script-src = true) and load content from this domain into <frames> and <iframes> (frame-src = true).

cURL Example:

curl -i \
  --header 'Authorization: Bearer <token>' \
  --request PUT 'https://<hostname>/api/20210901/system/safeDomains/bXkuc2FmZS1kb21haW4uY29t' \
  --data '{  \
           "img-src": true, \
           "frame-src": true, \
           "script-src": true, \
           "font-src": false, \
           "style-src": false, \
           "media-src": false, \
           "connect-src": false, \
           "frame-ancestors": false, \
           "form-action": false \
           }'

Example of Request Body

{
   "img-src": Boolean,
   "frame-src": Boolean,
   "script-src": Boolean,
   "font-src": Boolean,
   "style-src": Boolean,
   "media-src": Boolean,
   "connect-src": Boolean,
   "frame-ancestors": Boolean,
   "form-action": Boolean
}

For example:

{
   "img-src": true,
   "frame-src": true,
   "script-src": true,
   "font-src": false,
   "style-src": false,
   "media-src": false,
   "connect-src": true,
   "frame-ancestors": true,
   "form-action": false
}

Example of Request Header

Not applicable.

Example of Response Body

If an existing safe domain updates successfully, the response body returns the 200 response code. For example:

Status 200

If a new safe domain creates successfully, the response body returns the 201 response code. For example:

Status 201