You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Amichai Rothman (Jira)" <ji...@apache.org> on 2022/05/29 13:57:00 UTC

[jira] [Commented] (CXF-8636) Swagger2Feature: Can't set url in UI through SwaggerUiConfig

    [ https://issues.apache.org/jira/browse/CXF-8636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543639#comment-17543639 ] 

Amichai Rothman commented on CXF-8636:
--------------------------------------

The services list page generated by CXF still shows e.g.:


|Endpoint address: https://localhost:8183/api/v1
WADL : [https://localhost:8183/api/v1?_wadl|https://localhost:8183/api/psd2?_wadl]
OpenAPI : [https://localhost:8183/api/v1/api-docs?url=/api/v1/openapi.json|https://localhost:8183/api/psd2/api-docs?url=/api/psd2/openapi.json]|

With the bottom link broken by this issue (showing the petstore instead of the application api that it used to show in previous versions).

> Swagger2Feature: Can't set url in UI through SwaggerUiConfig
> ------------------------------------------------------------
>
>                 Key: CXF-8636
>                 URL: https://issues.apache.org/jira/browse/CXF-8636
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.5.0, 3.4.5
>            Reporter: Markus Plangg
>            Assignee: Andriy Redko
>            Priority: Minor
>             Fix For: 3.4.6, 3.5.1, 4.0.0
>
>
> I've included the swagger ui by adding a dependency on org.webjars:swagger-ui.
> The [Documentation|https://cxf.apache.org/docs/swagger2feature.html#Swagger2Feature-ConfiguringSwaggerUI(3.2.7+)] mentions that the swagger UI can be configured through SwaggerUiConfig which sets config as query params.
>  
> Since [swagger ui 4.1.3|https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3] passing the default url as query parameter, e.g. `?url=swagger.json` is disabled by default due to security concerns. Instead the default swagger PetStore definition is loaded.
>  
> It's possible to restore the old behaviour by setting queryConfigEnabled, but I couldn't find a way to set this. Of course enabling this also brings back the security issue.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)