search

Redocly / redocly-vs-code

Redocly VS Code extension
35 stars 6 forks source link

entire yaml marked with problem "should have `security` defined" #40

Closed jabielecki closed 1 year ago

jabielecki commented 1 year ago

What happened?

I've got a problem "Every API should have security defined on the root level or for each operation" after loading a typical example found on the web (e.g. petstore.yaml). So far so good, because the yaml in fact does have this exact characteristic.

But the attributes of such finding are broken:

What should have happened instead?

Minimal reproducible OpenAPI snippet

openapi: "3.0.0"
info:
paths:
  /pets:
    get:
      responses:
        "200":

Screenshots

Screenshot from 2022-10-25 17-35-17

Additional context

Happens on "3.0.0" and "3.1.0". Today's version of the plugin from VS Code Marketplace: 2022-10-25.

AntonKozachuk commented 1 year ago

Hi @jabielecki,

Thanks for raising your concerns.

We already have a fix for this visual issue to avoid highlighting the whole definition.

It will be reporting only on the specific operations that lack security or the openapi field itself.

The fix will be added to the next release.

As for the warning, we will consider your suggestion but our team has a strong opinion that every API should have security defined.

Even if the API is truly public without any credentials required, define the empty security section to let people know you didn't forget.

Hope this makes sense.

jabielecki commented 1 year ago

Thank you very much for working on it!

For the error level, if it's a well-informed and well-intended departure from OAS3, well, you are the experts here :smile: :+1: