[ https://issues.apache.org/jira/browse/CXF-8636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17544867#comment-17544867 ]
Amichai Rothman commented on CXF-8636:
--------------------------------------

Thanks for the updates! I still can't get it to work though. On Karaf 4.3.7, CXF 3.5.2, blueprint, OpenApiFeature with or without an explicit SwaggerUiConfig bean, the cxf services list page still shows the url query parameter on the link (as I pasted above - this may be a separate but related issue), and also browsing to the page with or without the query string, even with adding an explicit index.html manually (as far as I can see in the code it looks for that hard-coded string when applying the workaround), everything results in seeing the petstore api. In fact it seems to redirect (307) from all those variants back to the original url with the query string, which then still shows the petstore api. Maybe there's something else I need to be doing, but this used to work out of the box, and now does not.

> Swagger2Feature: Can't set url in UI through SwaggerUiConfig
> ------------------------------------------------------------
>
>                 Key: CXF-8636
>                 URL: https://issues.apache.org/jira/browse/CXF-8636
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.5.0, 3.4.5
>            Reporter: Markus Plangg
>            Assignee: Andriy Redko
>            Priority: Minor
>             Fix For: 3.4.6, 3.5.1, 4.0.0
>
>
> I've included the swagger ui by adding a dependency on org.webjars:swagger-ui.
> The [Documentation|https://cxf.apache.org/docs/swagger2feature.html#Swagger2Feature-ConfiguringSwaggerUI(3.2.7+)] mentions that the swagger UI can be configured through SwaggerUiConfig which sets config as query params.
>
> Since [swagger ui 4.1.3|https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3] passing the default url as query parameter, e.g. `?url=swagger.json` is disabled by default due to security concerns. Instead the default swagger PetStore definition is loaded.
>
> It's possible to restore the old behaviour by setting queryConfigEnabled, but I couldn't find a way to set this. Of course enabling this also brings back the security issue.

--
This message was sent by Atlassian Jira
(v8.20.7#820007)
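
An added example, not part of this thread and not the CXF fix: one way a page hosting Swagger UI could still honour a `?url=` link while leaving `queryConfigEnabled` off, by accepting the parameter only when it resolves to the page's own origin. `resolveSpecUrl`, `buildUiConfig` and the host names are hypothetical; `url`, `queryConfigEnabled` and `dom_id` are swagger-ui configuration options.

```javascript
// Added example (hypothetical helpers; not CXF or swagger-ui source code).

// Decide which OpenAPI document the UI is allowed to load.
//   pageHref    - URL of the Swagger UI page (window.location.href in a browser)
//   defaultSpec - server-chosen spec location, resolved relative to the page
function resolveSpecUrl(pageHref, defaultSpec) {
  const page = new URL(pageHref);
  const fallback = new URL(defaultSpec, page).href;

  const requested = page.searchParams.get('url');
  if (requested === null || requested === '') {
    return fallback; // no ?url= supplied: use the server-chosen spec
  }

  let candidate;
  try {
    // Relative values such as "swagger.json" resolve against the page URL.
    candidate = new URL(requested, page);
  } catch (err) {
    return fallback; // unparsable value
  }

  // Accept only http(s) documents served from the page's own origin.
  // Other hosts, protocol-relative URLs and non-http schemes fall back.
  const sameOrigin = candidate.origin === page.origin;
  const httpScheme =
    candidate.protocol === 'http:' || candidate.protocol === 'https:';
  return sameOrigin && httpScheme ? candidate.href : fallback;
}

// Options object to hand to SwaggerUIBundle(...). The spec location is set
// explicitly, so swagger-ui's own query-string parsing can stay disabled.
function buildUiConfig(pageHref, defaultSpec) {
  return {
    url: resolveSpecUrl(pageHref, defaultSpec),
    queryConfigEnabled: false,
    dom_id: '#swagger-ui',
  };
}
```

In a browser the result would be used as `SwaggerUIBundle(buildUiConfig(window.location.href, 'openapi.json'))`, where `openapi.json` is an assumed spec path.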