This article highlights an upcoming change in NetSuite’s RESTlet script behavior that will take effect on September 30, 2024. The change specifically affects RESTlet scripts that return HTML content. After this date, the default Content-Type for HTTP responses from RESTlet scripts without a defined Content-Type header will switch from text/html to text/plain.
What’s Changing?
Currently, the behavior of RESTlet scripts in NetSuite is determined by the Content-Type header in the HTTP request:
- Before September 30, 2024:
- If the Content-Type header is defined in the HTTP request, its value is passed to the HTTP response.
- If the Content-Type header is not defined in the HTTP request, the default Content-Type in the HTTP response is
text/html. - Starting September 30, 2024:
- The default Content-Type in the HTTP response for RESTlet scripts without a defined Content-Type header in the HTTP request will change to
text/plain. - This change aims to improve security by reducing the risk of HTML injection attacks.
Required Actions
To ensure that your RESTlet scripts continue to return HTML content where necessary, you must update these scripts before September 30, 2024:
Review Affected RESTlet Scripts:
- Identify all RESTlet scripts that return HTML content without explicitly setting the Content-Type header.
Update the Scripts:
- Use the
N/scriptTypes/restletmodule in your scripts to explicitly set the Content-Type header totext/htmlin the HTTP response.