webapps-cspolicy

Manage Content Security Policy (CSP) for web apps from the command line on Windows, Linux, and macOS systems

Since R2024b

collapse all in page

Syntax

webapps-cspolicy set directive expression
webapps-cspolicy remove directive
webapps-cspolicy list
webapps-cspolicy [--version | -v]
webapps-cspolicy [--help | -h]

Description

webapps-cspolicy set directive expression updates or adds a directive with the specified expression to the Content Security Policy.

example

webapps-cspolicy remove directive removes the specified directive from the Content Security Policy. If the directive has not been previously configured, the command does not return an error.

example

webapps-cspolicy list lists the current Content Security Policy directives and their associated values.

example

webapps-cspolicy [--version | -v] returns the version of MATLAB® Web App Server™ installed.

webapps-cspolicy [--help | -h] returns command-line help.

Examples

collapse all

To allow inline JavaScript® execution in web apps using uihtml (MATLAB) components, type:

webapps-cspolicy set script-src "'unsafe-inline'"

To load scripts from ArcGIS servers for web apps that use the geoglobe function in the Mapping Toolbox™, type:

webapps-cspolicy set script-src https://server.arcgisonline.com/

To permit web apps to connect to MathWorks® and ArcGIS Online services for map data, type:

webapps-cspolicy set connect-src "https://ssd.mathworks.com/ https://server.arcgisonline.com/"

To allow the use of blob URLs for images in dynamic content, type:

webapps-cspolicy set img-src "blob:"

To remove the img-src directive from the Content Security Policy, type:

webapps-cspolicy remove img-src

To display all current CSP directives and their values, type:

webapps-cspolicy list

Input Arguments

collapse all

Specify the Content Security Policy (CSP) rule to be manipulated. It represents the CSP directive such as script-src or img-src that you intend to add, update, or remove. Directives are used to define the sources from which certain types of resources can be loaded or executed in the context of the web app.

Example: script-src

Specify the criteria or source list for the specified directive. It details the conditions under which the specified type of resource can be loaded or executed. For instance, it can be a URL, a keyword like 'self', or 'unsafe-inline' to allow inline scripts. The expression effectively sets the policy for the specified directive, controlling resource access and execution based on the defined security policy.

Tips

Security Considerations: When the server is configured to use MATLAB Runtime versions earlier than R2023b, the unsafe-inline attribute is included in the script-src directive of the server's Content Security Policy and cannot be removed. The attribute allows inline JavaScript execution and event handlers contained within a web app to execute on the server. To enable these runtimes, see webapps-runtime.

Version History

Introduced in R2024b

See Also

|

Topics