Validate SOAP content type [Updated in Security Center 1.3]
Use the glide.soap.require_content_type_xml property to enable validation of a content type as text/xml and protect against invalid SOAP requests.
- When set to true, the ServiceNow AI Platform validates the content type as text/xml and protects against invalid SOAP requests.
- If set to false, any content-type value is allowed.
Warning:
This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
More information
| Attribute | Description |
|---|---|
| Property name | glide.soap.require_content_type_xml |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | API and web service |
| Purpose | Protect against invalid SOAP requests |
| Recommended value | true |
| Default value | true |
| Security risk rating | 8.8 |
| Functional impact | This remediation enables validation of SOAP content type for all the inbound SOAP requests.
|
| Security risk | (Moderate) When accepting inbound SOAP requests, the appropriate validation is performed to ensure that the relevant content type is being defined as a part of the request. It restricts the invalid SOAP responses that can be viewed as a security risk. |
| Reference | Content types |
To learn more about adding or creating a system property, see Add a system property.