umbraco / Umbraco-CMS

Umbraco is a free and open source .NET content management system helping you deliver delightful digital experiences.
https://umbraco.com
MIT License

v12 RC2 Swagger UI not working on Umbraco Cloud #14309

Closed jbreuer closed 1 year ago

jbreuer commented 1 year ago

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

12.0.0-rc2

Bug summary

I cloned an Umbraco Cloud project (11.3.1) locally and upgraded it to 12.0.0-rc2 with the following command: dotnet add package Umbraco.Cms --version 12.0.0-rc2.

After that I enabled the Content Delivery API following these steps: https://docs.umbraco.com/umbraco-cms/v/12.latest/reference/content-delivery-api

Then I tried the Swagger UI on my local environment and it worked. I pushed my changes to Umbraco Cloud and tried to do the same there. However, there the Swagger UI is not working:

Local: image

Umbraco Cloud: image

Swagger UI doesn't work, but the Content Delivery API does work.

Local: image

Umbraco Cloud: image

If you visit this Umbraco Cloud URL you can see the results (it's a trial which is almost over): https://umbraco-trial.euwest01.umbraco.io/umbraco/delivery/api/v1/content

Specifics

No response

Steps to reproduce

See bug summary.

Expected result / actual result

The Swagger UI should work locally and on Umbraco Cloud.

github-actions[bot] commented 1 year ago

Hi there @jbreuer!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂

warrenbuckley commented 1 year ago

Hi @jbreuer, I think this is by design, that Swagger is disabled when your environment is not in debug mode AFAIK.

@KennethJakobsen is this correct?

nathanwoulfe commented 1 year ago

This is the Kenn you're looking for - @kjac 😺

kjac commented 1 year ago

Hi @jbreuer,

Thanks for reaching out 😄

This is indeed by design.

For security reasons, the Swagger endpoints and the Swagger UI are never enabled in Production mode (IWebHostEnvironment.IsProduction()). On their own, neither Swagger nor the Delivery API poses a security issue. However, they implicitly leak the version of your Umbraco install, thus making it easier for potential attackers to narrow down their attack vectors.

You should be able to change this if you really really want, by creating your own pipeline filter based off the one in UmbracoBuilderApiExtensions. I would not recommend it for actual production use, though.
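
The environment gate described in the comment above, sketched for a plain ASP.NET Core app as an added example (not part of the thread and not Umbraco's own code). It assumes an ASP.NET Core 6+ minimal API project with the Swashbuckle.AspNetCore package; the `/api/v1/ping` route and the `exposeApiDocs` variable are hypothetical.

```csharp
// Program.cs: added illustration, not Umbraco's implementation.
// Assumes the Web SDK's implicit usings and the Swashbuckle.AspNetCore package.
var builder = WebApplication.CreateBuilder(args);

// The environment name is read from ASPNETCORE_ENVIRONMENT and falls back to
// "Production" when the variable is not set, so the safe state is the default.
bool exposeApiDocs = !builder.Environment.IsProduction();

if (exposeApiDocs)
{
    // Register the OpenAPI generator only when the docs will actually be served.
    builder.Services.AddEndpointsApiExplorer();
    builder.Services.AddSwaggerGen();
}

var app = builder.Build();

if (exposeApiDocs)
{
    app.UseSwagger();    // serves the generated OpenAPI document
    app.UseSwaggerUI();  // serves the interactive Swagger UI
}

// Record the decision at startup so an unexpected environment value
// (for example Development on a public site) shows up in the logs.
app.Logger.LogInformation(
    "Environment {Env}: Swagger {State}",
    app.Environment.EnvironmentName,
    exposeApiDocs ? "enabled" : "disabled");

// Constructed sample endpoint (hypothetical route) standing in for the real API.
// It answers in every environment; only the documentation is gated.
app.MapGet("/api/v1/ping", () => Results.Ok(new { status = "ok" }));

app.Run();
```

With ASPNETCORE_ENVIRONMENT unset or set to Production, the Swagger routes are never registered and return 404 while the API endpoint still responds, which matches the behaviour reported on Umbraco Cloud in this issue.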

jbreuer commented 1 year ago

Hi @kjac,

Thanks for the info! I used Kudu and changed the ASPNETCORE_ENVIRONMENT value from Production to Development on my Umbraco Cloud site and I can confirm that Swagger is working now. I'm using this Umbraco Cloud site only for experiments. So I would not do that on a real website 😉.

I understand that this is by design. It might be a good idea to add that to the docs: https://docs.umbraco.com/umbraco-cms/v/12.latest/reference/content-delivery-api#swagger. Otherwise there might be more people who think this is a bug.