Content and configuration
I want to pass the URL of the OpenAPI contract in the URL.
The file is on the same server as swagger-ui.
Something like this:
http://localhost:8080/swagger-ui/index.html?url=/contract/system-xyz.yml
Is your feature request related to a problem?
It's related to #7697
Describe the solution you'd like
I read about the security issues that could arise if we read configuration from a remote URL.
In my case I want to serve swagger-ui from the same server where my contract is.
So allowing a URL to load if it doesn't start with http://,
or allowing it only if the URL starts with /,
or allowing a URL that is http(s)://localhost,
should be enough.
@char0n Have you considered such a filter?
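A sketch of the kind of filter requested above, as an added example that is not part of the original issue and not swagger-ui code: it resolves the `url` value against the page address and compares origins, because a plain "starts with /" test also accepts protocol-relative values such as `//host/path`. The names `naiveStartsWithSlash`, `isAllowedSpecUrl`, the `allowLocalhost` option and all sample hosts are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helpers, not swagger-ui's implementation.

// Page address taken from the issue; the second one is a constructed sample.
const LOCAL_PAGE = "http://localhost:8080/swagger-ui/index.html";
const HOSTED_PAGE = "https://docs.example.test/swagger-ui/index.html";

// The literal form of the proposal: "allow only if url starts with /".
function naiveStartsWithSlash(value) {
  return value.startsWith("/");
}

// Resolve the value the way a browser would, then decide on the result.
function isAllowedSpecUrl(value, pageUrl, { allowLocalhost = false } = {}) {
  let resolved;
  try {
    resolved = new URL(value, pageUrl);
  } catch {
    return false; // unparseable input is rejected
  }
  // Only fetchable web schemes; rejects data:, file:, javascript:, ...
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") {
    return false;
  }
  // "http://localhost@other.example/" has user "localhost", host elsewhere.
  if (resolved.username !== "" || resolved.password !== "") {
    return false;
  }
  // Same scheme, host and port as the page serving swagger-ui.
  if (resolved.origin === new URL(pageUrl).origin) {
    return true;
  }
  // Optional: exact hostname match, so "localhost.other.example" fails.
  return allowLocalhost && resolved.hostname === "localhost";
}

// Constructed sample values for the url query parameter.
const SAMPLES = [
  "/contract/system-xyz.yml",     // same-origin path from the issue
  "//other.example/spec.yml",     // protocol-relative: starts with "/"
  "/\\other.example/spec.yml",    // backslash is parsed like a slash
  "https://other.example/spec.yml",
];
for (const s of SAMPLES) {
  console.log(s, naiveStartsWithSlash(s), isAllowedSpecUrl(s, LOCAL_PAGE));
}
```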