updateXssConfiguration
put
/ccadmin/v1/merchant/xssConfiguration
Update anti-XSS (anti-cross-site-scripting) configuration. Allows whitelisting of endpoints by URI prefix or endpoint id and configuring specific XML tags to allow.
Request
Supported Media Types
- application/json
Root Schema : updateXssConfiguration_request
Type:
Show Source
object-
endpointIdsToAlwaysValidate(optional):
array endpointIdsToAlwaysValidate
List of endpoints by id that will have their request bodies XSS validated even if they fall under the whitelists. This is an editable list.
-
endpointIdsWhitelist(optional):
array endpointIdsWhitelist
List of endpoints by id that will not have their request bodies XSS validated. This is an editable list.
-
htmlValidatorAllowedAttributeAdditions(optional):
array htmlValidatorAllowedAttributeAdditions
Editable list of additional attribute names for the HTML parser-based anti-XSS validator to allow.
-
htmlValidatorAllowedTagAdditions(optional):
array htmlValidatorAllowedTagAdditions
Editable list of additional tag names for the HTML parser-based anti-XSS validator to allow.
-
htmlValidatorEnabled(optional):
boolean
Whether the HTML parser-based anti-XSS validator is enabled.
-
illegalAttributeNames(optional):
array illegalAttributeNames
Editable illegal XML attribute name list.
-
tagWhitelist(optional):
array tagWhitelist
The list of XML tags that are allowed via whitelist. This is the built-in list and is read-only
-
tagWhitelistAdditions(optional):
array tagWhitelistAdditions
List of additional XML tags that are allowed via whitelist. This is an editable list.
-
uriPrefixesWhitelist(optional):
array uriPrefixesWhitelist
List of URI prefixes. Endpoints whose URI's include any of these prefixes will not have their request bodies XSS validated. This is an editable list.
Example:
{
"endpointIdsWhitelist":[
"applicationJavaScript"
],
"uriPrefixesWhitelist":[
"/ccadmin/v1"
],
"tagWhitelistAdditions":[
"foo",
"bar"
],
"tagWhitelist":[
"a",
"abbr",
"acronym",
"address",
"b",
"big",
"blockquote",
"br",
"caption",
"cite",
"code",
"col",
"colgroup",
"dd",
"defn",
"del",
"dir",
"div",
"dt",
"em",
"h1",
"h2",
"h3",
"h4",
"h5",
"h6",
"hr",
"i",
"img",
"ins",
"kbd",
"li",
"link",
"menu",
"ol",
"p",
"pre",
"q",
"samp",
"small",
"span",
"strong",
"sub",
"sup",
"table",
"tbody",
"td",
"tfoot",
"th",
"thread",
"tr",
"tt",
"ul",
"var"
],
"endpointIdsToAlwaysValidate":[
"createProduct",
"updateProduct"
]
}Nested Schema : endpointIdsToAlwaysValidate
Type:
arrayList of endpoints by id that will have their request bodies XSS validated even if they fall under the whitelists. This is an editable list.
Show Source
Nested Schema : endpointIdsWhitelist
Type:
arrayList of endpoints by id that will not have their request bodies XSS validated. This is an editable list.
Show Source
Nested Schema : htmlValidatorAllowedAttributeAdditions
Type:
arrayEditable list of additional attribute names for the HTML parser-based anti-XSS validator to allow.
Show Source
Nested Schema : htmlValidatorAllowedTagAdditions
Type:
arrayEditable list of additional tag names for the HTML parser-based anti-XSS validator to allow.
Show Source
Nested Schema : illegalAttributeNames
Type:
arrayEditable illegal XML attribute name list.
Show Source
Nested Schema : tagWhitelist
Type:
arrayThe list of XML tags that are allowed via whitelist. This is the built-in list and is read-only
Show Source
Nested Schema : tagWhitelistAdditions
Type:
arrayList of additional XML tags that are allowed via whitelist. This is an editable list.
Show Source
Nested Schema : uriPrefixesWhitelist
Type:
arrayList of URI prefixes. Endpoints whose URI's include any of these prefixes will not have their request bodies XSS validated. This is an editable list.
Show Source
Response
Supported Media Types
- application/json
200 Response
Following model is returned when operation succeeds.
Root Schema : updateXssConfiguration_response
Type:
Show Source
object-
endpointIdsToAlwaysValidate(optional):
array endpointIdsToAlwaysValidate
Editable endpoint ids that will be XSS validated even if they fall under the whitelists.
-
endpointIdsWhitelist(optional):
array endpointIdsWhitelist
Editable whitelist of endpoint ids that will not perform XSS validation.
-
htmlValidatorAllowedAttributeAdditions(optional):
array htmlValidatorAllowedAttributeAdditions
Editable list of additional attribute names for the HTML parser-based anti-XSS validator to allow.
-
htmlValidatorAllowedTagAdditions(optional):
array htmlValidatorAllowedTagAdditions
Editable list of additional tag names for the HTML parser-based anti-XSS validator to allow.
-
htmlValidatorEnabled(optional):
boolean
Whether the HTML parser-based anti-XSS validator is enabled.
-
illegalAttributeNames(optional):
array illegalAttributeNames
Editable illegal XML attribute name list.
-
tagWhitelist(optional):
array tagWhitelist
Read-only built-in setting for XML tags that are allowed in input values.
-
tagWhitelistAdditions(optional):
array tagWhitelistAdditions
Editable additional XML tags that are allowed in input values.
-
uriPrefixesWhitelist(optional):
array uriPrefixesWhitelist
Editable whitelist of endpoint URI prefixes that will not perform XSS validation.
Nested Schema : endpointIdsToAlwaysValidate
Type:
arrayEditable endpoint ids that will be XSS validated even if they fall under the whitelists.
Show Source
Nested Schema : endpointIdsWhitelist
Type:
arrayEditable whitelist of endpoint ids that will not perform XSS validation.
Show Source
Nested Schema : htmlValidatorAllowedAttributeAdditions
Type:
arrayEditable list of additional attribute names for the HTML parser-based anti-XSS validator to allow.
Show Source
Nested Schema : htmlValidatorAllowedTagAdditions
Type:
arrayEditable list of additional tag names for the HTML parser-based anti-XSS validator to allow.
Show Source
Nested Schema : illegalAttributeNames
Type:
arrayEditable illegal XML attribute name list.
Show Source
Nested Schema : tagWhitelist
Type:
arrayRead-only built-in setting for XML tags that are allowed in input values.
Show Source
Nested Schema : tagWhitelistAdditions
Type:
arrayEditable additional XML tags that are allowed in input values.
Show Source
Nested Schema : uriPrefixesWhitelist
Type:
arrayEditable whitelist of endpoint URI prefixes that will not perform XSS validation.
Show Source
Example Response (application/json)
{
"endpointIdsWhitelist":[
"applicationJavaScript"
],
"uriPrefixesWhitelist":[
"/ccadmin/v1"
],
"tagWhitelistAdditions":[
"bar",
"foo"
],
"endpointIdsToAlwaysValidate":[
"createProduct",
"updateProduct"
]
}Default Response
The error response.
The following are the internal error codes thrown by this API when the request processing fails in Oracle Commerce Cloud:
|Error Code|Description|
|------------------|------------------|
|13001|Validation errors were found in the input.|
Root Schema : errorModel
Type:
Show Source
object-
devMessage(optional):
string
An optional non-localized message containing technical information for developers
-
errorCode(optional):
string
The numerical code identifying the error
-
errors(optional):
array errors
An optional list of errors if multiple errors were encountered
-
message(optional):
string
The localized message describing the error
-
moreInfo(optional):
string
An optional non-localized message with more information
-
o:errorPath(optional):
string
An optional machine readable description of where the error occurred
-
status(optional):
string
The HTTP status code
-
type(optional):
string
The URI to the HTTP state code definition
Nested Schema : errors
Type:
arrayAn optional list of errors if multiple errors were encountered
Show Source
Nested Schema : items
Type:
Show Source
object-
devMessage(optional):
string
An optional non-localized message containing technical information for developers
-
errorCode(optional):
string
The numerical code identifying the error
-
message(optional):
string
The localized message describing the error
-
moreInfo(optional):
string
An optional non-localized message with more information
-
o:errorPath(optional):
string
An optional machine readable description of where the error occurred
-
status(optional):
string
The HTTP status code