[
https://issues.apache.org/jira/browse/CXF-8636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475032#comment-17475032
]
Andriy Redko edited comment on CXF-8636 at 1/13/22, 12:53 AM:
--------------------------------------------------------------
Since Swagger UI 4.1.3, the `url` parameter is not accepted through query
string unless such functionality enabled by setting the
`{{{}queryConfigEnabled{}}}` core property [1]. Consequently, this property
could be set only by:
- crafting own SwaggerUI distribution with customized {{swagger-config.yaml}}
- manipulating JS model {{SwaggerUI}}
CXF does not build own SwaggerUI distribution nor modifies / alters the JS
model anyhow, we use `org.webjars.swagger-ui` artifacts as is. Probably, the
only solution which we could offer to keep `url` parameter supported is by
overriding on the fly `index.html` from the `org.webjars.swagger-ui` and
replacing the URL fed to {{SwaggerUI}} model.
[1]
[https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md#core]
was (Author: reta):
Since Swagger UI 4.1.3, the `url` parameter is not accepted through query
string unless such functionality enabled by setting the
`{{{}queryConfigEnabled{}}}` core property [1]. Consequently, this property
could be set only by:
- crafting own SwaggerUI distribution with customized {{swagger-config.yaml}}
- manipulating JS model {{SwaggerUI}}
CXF does not build own SwaggerUI distribution nor modifies / alters the JS
model anyhow, we use `org.webjars.swagger-ui` artifacts as is. Probably, the
only solution which could offer to keep `url` parameter supported is by
overriding on the fly `index.html` from the `org.webjars.swagger-ui` and
replacing the URL fed to {{SwaggerUI}} model.
[1]
https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md#core
> Swagger2Feature: Can't set url in UI through SwaggerUiConfig
> ------------------------------------------------------------
>
> Key: CXF-8636
> URL: https://issues.apache.org/jira/browse/CXF-8636
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.5.0, 3.4.5
> Reporter: Markus Plangg
> Assignee: Andriy Redko
> Priority: Minor
> Fix For: 3.4.6, 3.5.1, 4.0.0
>
>
> I've included the swagger ui by adding a dependency on org.webjars:swagger-ui.
> The
> [Documentation|https://cxf.apache.org/docs/swagger2feature.html#Swagger2Feature-ConfiguringSwaggerUI(3.2.7+)]
> mentions that the swagger UI can be configured through SwaggerUiConfig which
> sets config as query params.
>
> Since [swagger ui
> 4.1.3|https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3] passing
> the default url as query parameter, e.g. `?url=swagger.json` is disabled by
> default due to security concerns. Instead the default swagger PetStore
> definition is loaded.
>
> It's possible to restore the old behaviour by setting queryConfigEnabled, but
> I couldn't find a way to set this. Of course enabling this also brings back
> the security issue.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
