[
https://issues.apache.org/jira/browse/CXF-8636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17545075#comment-17545075
]
Andriy Redko commented on CXF-8636:
-----------------------------------
Thanks [~amichai], I will try to improve the defaults (there are some ideas
how), regarding Swagger 4.11.1 - see please
https://issues.apache.org/jira/browse/CXF-8683
> Swagger2Feature: Can't set url in UI through SwaggerUiConfig
> ------------------------------------------------------------
>
> Key: CXF-8636
> URL: https://issues.apache.org/jira/browse/CXF-8636
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.5.0, 3.4.5
> Reporter: Markus Plangg
> Assignee: Andriy Redko
> Priority: Minor
> Fix For: 3.4.6, 3.5.1, 4.0.0
>
>
> I've included the swagger ui by adding a dependency on org.webjars:swagger-ui.
> The
> [Documentation|https://cxf.apache.org/docs/swagger2feature.html#Swagger2Feature-ConfiguringSwaggerUI(3.2.7+)]
> mentions that the swagger UI can be configured through SwaggerUiConfig which
> sets config as query params.
>
> Since [swagger ui
> 4.1.3|https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3] passing
> the default url as query parameter, e.g. `?url=swagger.json` is disabled by
> default due to security concerns. Instead the default swagger PetStore
> definition is loaded.
>
> It's possible to restore the old behaviour by setting queryConfigEnabled, but
> I couldn't find a way to set this. Of course enabling this also brings back
> the security issue.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
