[jira] [Commented] (CXF-8636) Swagger2Feature: Can't set url in UI through SwaggerUiConfig

Wed, 01 Jun 2022 06:06:41 -0700 


    [ 
https://issues.apache.org/jira/browse/CXF-8636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17544893#comment-17544893
 ] 

Andriy Redko commented on CXF-8636:
-----------------------------------

[~amichai] 

> I still can't get it to work though. On Karaf 4.3.7, CXF 3.5.2, blueprint, 
> OpenApiFeature with or without an explicit SwaggerUiConfig bean, the cxf 
> services list page still shows the url query parameter on the link (as I 
> pasted above - this may be a separate but related issue)

This is fine in a sense that CXF always pass it through (fe you may use 
different version of the Swagger UI), it should not be an issue

> also browsing to the page with or without the query string, even with adding 
> an explicit index.html manually (as far as I can see in the code it looks for 
> that hard-coded string when applying the workaround), everything results in 
> seeing the petstore api

That is not intended behavior, I will double check it under Karaf

> Maybe there's something else I need to be doing, but this used to work out of 
> the box, and now does not.

The change comes from SwaggerUI and needs adjustment across the board (not only 
CXF is affected).

 

> Swagger2Feature: Can't set url in UI through SwaggerUiConfig
> ------------------------------------------------------------
>
>                 Key: CXF-8636
>                 URL: https://issues.apache.org/jira/browse/CXF-8636
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.5.0, 3.4.5
>            Reporter: Markus Plangg
>            Assignee: Andriy Redko
>            Priority: Minor
>             Fix For: 3.4.6, 3.5.1, 4.0.0
>
>
> I've included the swagger ui by adding a dependency on org.webjars:swagger-ui.
> The 
> [Documentation|https://cxf.apache.org/docs/swagger2feature.html#Swagger2Feature-ConfiguringSwaggerUI(3.2.7+)]
>  mentions that the swagger UI can be configured through SwaggerUiConfig which 
> sets config as query params.
>  
> Since [swagger ui 
> 4.1.3|https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3] passing 
> the default url as query parameter, e.g. `?url=swagger.json` is disabled by 
> default due to security concerns. Instead the default swagger PetStore 
> definition is loaded.
>  
> It's possible to restore the old behaviour by setting queryConfigEnabled, but 
> I couldn't find a way to set this. Of course enabling this also brings back 
> the security issue.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to