Validate SOAP content type

  • Release version: Australia
  • Updated March 12, 2026
  • Use the glide.soap.require_content_type_xml property to enable validation of a content type as text/xml and protect against invalid SOAP requests.

    If the glide.soap.require_content_type_xml system property is not set to the recommended value of true, the content type of inbound SOAP requests is not validated.

    Ensure that the property glide.soap.require_content_type_xml is set to true.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute: Description
    Configuration name: glide.soap.require_content_type_xml
    Configuration type: System Properties (/sys_properties_list.do)
    Data type: Boolean
    Recommended value: true
    Default value: <none>
    Fallback value: false
    Category: API and web service
    Security risk:
    • Severity score: 8.8
    • CVSS rating: High
    • Security risk details: This lack of validation can enable Cross-Site Request Forgery (CSRF) attacks, allowing malicious actors to trick authenticated users into sending unauthorized SOAP requests.
    Functional impact: This remediation enables validation of the SOAP content type for all inbound SOAP requests.
    • If you are using a content type other than text/xml for inbound requests, SOAP transactions may fail.
    • If you are not using the correct MIME type, it could disrupt third-party integrations.
    Dependencies and prerequisites: None
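
Because the property cannot be reverted, it helps to check which inbound SOAP callers already send text/xml before setting it. The following is an added example, not ServiceNow code: it classifies Content-Type values from constructed request records, assuming the media type is compared case-insensitively with parameters such as charset ignored; the record fields and source names are hypothetical.

```javascript
// Added example, not ServiceNow code. Assumption: a request passes when its
// media type (case-insensitive, parameters such as charset ignored) is text/xml.
const REQUIRED_TYPE = 'text/xml';

// Content types an HTML form can send cross-site: the CSRF-relevant cases.
const FORM_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);

// Reduce a raw Content-Type header to its lowercase media type ('' if absent).
function mediaType(header) {
  return typeof header === 'string' ? header.split(';')[0].trim().toLowerCase() : '';
}

// Classify one header value against the assumed text/xml check.
function classify(header) {
  const type = mediaType(header);
  if (type === REQUIRED_TYPE) return 'accepted';
  if (type === '') return 'missing';
  return FORM_TYPES.has(type) ? 'form-capable' : 'integration';
}

// Count accepted requests and group the rest by source, media type and reason.
function audit(requests) {
  const report = { accepted: 0, rejected: {} };
  for (const { source, contentType } of requests) {
    const verdict = classify(contentType);
    if (verdict === 'accepted') { report.accepted += 1; continue; }
    const key = `${source}|${mediaType(contentType) || '(none)'}|${verdict}`;
    report.rejected[key] = (report.rejected[key] || 0) + 1;
  }
  return report;
}

// Constructed sample records; source names are hypothetical.
const SAMPLE_REQUESTS = [
  { source: 'erp-sync', contentType: 'text/xml; charset=UTF-8' },
  { source: 'erp-sync', contentType: 'Text/XML' },
  { source: 'hr-feed', contentType: 'application/soap+xml; charset=utf-8' },
  { source: 'hr-feed', contentType: 'application/soap+xml; charset=utf-8' },
  { source: 'browser', contentType: 'text/plain' },
  { source: 'legacy-cron', contentType: undefined },
];

console.log(audit(SAMPLE_REQUESTS));
```

Entries reported as integration or missing are the callers to fix first; form-capable entries are the requests the check is meant to reject.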