You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Amichai Rothman (Jira)" <ji...@apache.org> on 2022/05/29 13:57:00 UTC
[jira] [Commented] (CXF-8636) Swagger2Feature: Can't set url in UI through SwaggerUiConfig
[ https://issues.apache.org/jira/browse/CXF-8636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543639#comment-17543639 ]
Amichai Rothman commented on CXF-8636:
--------------------------------------
The services list page generated by CXF still shows e.g.:
|Endpoint address: https://localhost:8183/api/v1
WADL : [https://localhost:8183/api/v1?_wadl|https://localhost:8183/api/psd2?_wadl]
OpenAPI : [https://localhost:8183/api/v1/api-docs?url=/api/v1/openapi.json|https://localhost:8183/api/psd2/api-docs?url=/api/psd2/openapi.json]|
With the bottom link broken by this issue (showing the petstore instead of the application api that it used to show in previous versions).
> Swagger2Feature: Can't set url in UI through SwaggerUiConfig
> ------------------------------------------------------------
>
> Key: CXF-8636
> URL: https://issues.apache.org/jira/browse/CXF-8636
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.5.0, 3.4.5
> Reporter: Markus Plangg
> Assignee: Andriy Redko
> Priority: Minor
> Fix For: 3.4.6, 3.5.1, 4.0.0
>
>
> I've included the swagger ui by adding a dependency on org.webjars:swagger-ui.
> The [Documentation|https://cxf.apache.org/docs/swagger2feature.html#Swagger2Feature-ConfiguringSwaggerUI(3.2.7+)] mentions that the swagger UI can be configured through SwaggerUiConfig which sets config as query params.
>
> Since [swagger ui 4.1.3|https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3] passing the default url as query parameter, e.g. `?url=swagger.json` is disabled by default due to security concerns. Instead the default swagger PetStore definition is loaded.
>
> It's possible to restore the old behaviour by setting queryConfigEnabled, but I couldn't find a way to set this. Of course enabling this also brings back the security issue.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)