[
https://issues.apache.org/jira/browse/CXF-8636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543932#comment-17543932
]
Amichai Rothman commented on CXF-8636:
--------------------------------------
Great! Perhaps you can also update the OpenAPIFeature docs about this? They
still show the url query param and don't mention any of the required changes
and what works or doesn't work out of the box now...
[https://cwiki.apache.org/confluence/display/CXF20DOC/OpenAPIFeature#OpenApiFeature-EnablingSwaggerUI]
> Swagger2Feature: Can't set url in UI through SwaggerUiConfig
> ------------------------------------------------------------
>
> Key: CXF-8636
> URL: https://issues.apache.org/jira/browse/CXF-8636
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.5.0, 3.4.5
> Reporter: Markus Plangg
> Assignee: Andriy Redko
> Priority: Minor
> Fix For: 3.4.6, 3.5.1, 4.0.0
>
>
> I've included the swagger ui by adding a dependency on org.webjars:swagger-ui.
> The
> [Documentation|https://cxf.apache.org/docs/swagger2feature.html#Swagger2Feature-ConfiguringSwaggerUI(3.2.7+)]
> mentions that the swagger UI can be configured through SwaggerUiConfig which
> sets config as query params.
>
> Since [swagger ui
> 4.1.3|https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3] passing
> the default url as query parameter, e.g. `?url=swagger.json` is disabled by
> default due to security concerns. Instead the default swagger PetStore
> definition is loaded.
>
> It's possible to restore the old behaviour by setting queryConfigEnabled, but
> I couldn't find a way to set this. Of course enabling this also brings back
> the security issue.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
