I have to get an API past PEN testing. We have been left with one issue - the swagger.index.html
UI does not describe the desired headers, in this instance it is the hsts header. It appears The
UI for swagger does not obey any middleware compenents called in the startup.cs(I am using .NetCore, so no web.config).
I have tried using NWebSec, and using some suggestions I have found online for adding custom
headers. I have been here: https://swagger.io/docs/specification/2-0/describing-responses/ but
I cannot how to implement it!
There are a few properties i suspect I can configure in the UseSwaggerUI() method but I do not know
the syntax or exactly which out of path, schema, and responses, I should be calling.
Q&A (please complete the following information)
Content & configuration
I am running Swagger via .Net Core in visual studio. In my startup.cs:
Configure(){ ... services.AddSwaggerGen((options) => { options.SwaggerDoc("v1", new OpenApiInfo { Title = "MarineData", Version = "v1" }); }); ... }
ConfigureServices(){ app.UseSwagger();
}
How can we help?
I have to get an API past PEN testing. We have been left with one issue - the swagger.index.html UI does not describe the desired headers, in this instance it is the hsts header. It appears The UI for swagger does not obey any middleware compenents called in the startup.cs(I am using .NetCore, so no web.config). I have tried using NWebSec, and using some suggestions I have found online for adding custom headers. I have been here: https://swagger.io/docs/specification/2-0/describing-responses/ but I cannot how to implement it! There are a few properties i suspect I can configure in the UseSwaggerUI() method but I do not know the syntax or exactly which out of path, schema, and responses, I should be calling.