Standard Energy Efficiency Data (SEED) Platform™ is a web-based application that helps organizations easily manage data on the energy performance of large groups of buildings.
Updated Swagger config to prevent requesting external schemas #4590
Any background context you want to provide?
Swagger, by default, allows loading external schemas via the URL input at the top, which presents a security risk. Fortunately, this risk is mitigated by our strict CSP, but it's a good practice to remove the field regardless.
What's this PR do?
Removes the header containing the Swagger URL field
How should this be manually tested?
Go to the Swagger page and confirm that the header is no longer present
What are the relevant tickets?
4346
Screenshots (if appropriate)