Closed tpwst555 closed 1 year ago
Apologies, I'm not sure how this is a duplicate. I did read that bug and understand why it is a security issue. This is a feature request to add parameter validation so we can securely share links without enabling the queryConfigEnabled flag. (Which has been addressed in the swagger-ui project.)
@tpwst555,
Feel free to propose a PR directly if you have any feature request.
Is your feature request related to a problem? Please describe.
We are unable to share links to specs that are not on the default definition. This presents a problem because users must manually navigate to the location within a spec if it is not the default definition.
I understand query parameters were disabled for security; however, parameter validation can be added to ensure the value of urls.primaryName is an allowed URL.
This was recently implemented by swagger-ui: https://github.com/swagger-api/swagger-ui/pull/8168
Describe the solution you'd like
Describe alternatives you've considered
I have tried using queryConfigEnabled, but this setting is not working:
springdoc.swagger-ui.queryConfigEnabled=true
Also, this option seems to present a security risk which could be avoided with parameter validation.
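An added example of the kind of validation requested above; it is not code from this issue, from springdoc, or from swagger-ui. The function name `resolveDefinition` and the sample definitions are hypothetical. It treats `urls.primaryName` only as a key into the server-configured `urls` list and ignores every other query parameter, so a shared link can select a definition but cannot supply a spec location.

```javascript
// Added example: hypothetical helper, not swagger-ui or springdoc code.
// Constructed sample: the `urls` list as rendered by the server-side config.
const configuredUrls = [
  { name: "public", url: "/v3/api-docs/public" },
  { name: "admin", url: "/v3/api-docs/admin" },
];

// Resolve which definition a shared link may open.
// - Only `urls.primaryName` is read from the query string.
// - Its value must exactly match the name of a configured definition.
// - `url`, `configUrl` and any other parameter are never consulted, so the
//   spec location always comes from server-side configuration.
function resolveDefinition(queryString, urls) {
  if (!Array.isArray(urls) || urls.length === 0) {
    throw new Error("no definitions configured");
  }
  const fallback = { name: urls[0].name, url: urls[0].url, matched: false };

  const params = new URLSearchParams(queryString);
  const requested = params.getAll("urls.primaryName");

  // A missing or repeated parameter is ambiguous: use the default definition.
  if (requested.length !== 1) {
    return fallback;
  }

  // Exact, case-sensitive comparison against the allowlist of names.
  const match = urls.find((entry) => entry.name === requested[0]);
  return match ? { name: match.name, url: match.url, matched: true } : fallback;
}

// Constructed sample links.
const sampleLinks = [
  "?urls.primaryName=admin",
  "?urls.primaryName=unknown&url=https://untrusted.example/spec.json",
  "?url=https://untrusted.example/spec.json",
  "?urls.primaryName=admin&urls.primaryName=public",
];
for (const link of sampleLinks) {
  console.log(link, "->", resolveDefinition(link, configuredUrls));
}
```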