[jira] [Commented] (CXF-8636) Swagger2Feature: Can't set url in UI through SwaggerUiConfig

Sun, 29 May 2022 22:05:10 -0700 


    [ 
https://issues.apache.org/jira/browse/CXF-8636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543776#comment-17543776
 ] 

Amichai Rothman commented on CXF-8636:
--------------------------------------

I read the documentation, which says that prior to CXF 3.5.1 it would pass the 
url as the query parameter, and in newer CXF it employs a different strategy. 
In this services list page it still passes the url as a query parameter also in 
3.5.2. The documentation also says the new strategy "could be turned off by 
setting {{queryConfigEnabled}}  property of the *SwaggerUiConfig* to 
{{{}true{}}}". It doesn't say anything about having to set this property to get 
it to work in the first place. Perhaps the documentation should be clarified if 
that's not the case.

Also, how does one configure this when using the OpenAPIFeature (from 
blueprint)? is it the same configuration property?

> Swagger2Feature: Can't set url in UI through SwaggerUiConfig
> ------------------------------------------------------------
>
>                 Key: CXF-8636
>                 URL: https://issues.apache.org/jira/browse/CXF-8636
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.5.0, 3.4.5
>            Reporter: Markus Plangg
>            Assignee: Andriy Redko
>            Priority: Minor
>             Fix For: 3.4.6, 3.5.1, 4.0.0
>
>
> I've included the swagger ui by adding a dependency on org.webjars:swagger-ui.
> The 
> [Documentation|https://cxf.apache.org/docs/swagger2feature.html#Swagger2Feature-ConfiguringSwaggerUI(3.2.7+)]
>  mentions that the swagger UI can be configured through SwaggerUiConfig which 
> sets config as query params.
>  
> Since [swagger ui 
> 4.1.3|https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3] passing 
> the default url as query parameter, e.g. `?url=swagger.json` is disabled by 
> default due to security concerns. Instead the default swagger PetStore 
> definition is loaded.
>  
> It's possible to restore the old behaviour by setting queryConfigEnabled, but 
> I couldn't find a way to set this. Of course enabling this also brings back 
> the security issue.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to