SOAP content type checking (instance security hardening)

  • Release version: Washingtondc
  • Updated February 1, 2024

  Use the glide.soap.require_content_type_xml property to validate that the content type of inbound SOAP requests is text/xml and to protect against invalid SOAP requests.

    • When set to true, the ServiceNow AI Platform validates the content type as text/xml and protects against invalid SOAP requests.
    • If set to false, any content-type value is allowed.

    More information

    Attribute: Description
    Property name: glide.soap.require_content_type_xml
    Configuration type: System Properties (/sys_properties_list.do)
    Configure in Instance Security Center: Yes
    Purpose: Protect against invalid SOAP requests
    Recommended value: true
    Functional impact: This remediation enables validation of the SOAP content type for all inbound SOAP requests.
    • If you are using a content type other than text/xml for inbound requests, SOAP transactions may fail.
    • If you are not using the correct MIME type, third-party integrations could be disrupted.
    Security risk (High): When inbound SOAP requests are accepted, validation is performed to ensure that the relevant content type is defined as part of the request. This restricts invalid SOAP responses, which can be viewed as a security risk.
    Reference: Content types

    To learn more about adding or creating a system property, see Add a system property.
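
The functional impact above means the property should only be set to true once every inbound SOAP caller is known to send text/xml. The following is an added example, not ServiceNow code: a pre-change audit that groups inbound SOAP requests by caller and reports any that declare another content type or none. The record layout, caller names and sample data are constructed, and treating the match as case-insensitive with parameters such as charset ignored is an assumption based on general HTTP media type handling, not a documented platform behavior.

```python
from collections import Counter, defaultdict

REQUIRED = "text/xml"  # content type the page says the property validates against


def media_type(header):
    """Return the bare media type of a Content-Type header, lowercased.

    Parameters such as charset are dropped (assumption, see lead-in);
    a missing or empty header yields ''.
    """
    if not header:
        return ""
    return header.split(";", 1)[0].strip().lower()


def audit(requests):
    """Group inbound SOAP requests that do not declare text/xml by caller.

    `requests` is an iterable of (caller, content_type_header) pairs.
    Returns {caller: Counter({media_type or '<missing>': count})}.
    """
    findings = defaultdict(Counter)
    for caller, header in requests:
        mt = media_type(header)
        if mt != REQUIRED:
            findings[caller][mt or "<missing>"] += 1
    return dict(findings)


# Constructed sample data: (integration user, Content-Type header as sent).
SAMPLE = [
    ("svc.monitoring", "text/xml; charset=utf-8"),
    ("svc.monitoring", "Text/XML"),
    ("svc.erp", "application/soap+xml; charset=utf-8"),  # SOAP 1.2 media type
    ("svc.erp", "application/soap+xml; charset=utf-8"),
    ("svc.legacy", None),                                # header absent
    ("svc.legacy", "application/x-www-form-urlencoded"),
    ("svc.hr", "text/xml"),
]

if __name__ == "__main__":
    for caller, counts in sorted(audit(SAMPLE).items()):
        for mt, n in sorted(counts.items()):
            print(f"{caller}: {n} request(s) with content type {mt}")
```

Callers that appear in the result are the integrations to fix or retest before changing the property; an empty result means no sampled request would be affected.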