First, thanks for developing and maintaining a Spring OpenAPI library now that Springfox seemingly stopped being maintained.
Is your feature request related to a problem? Please describe.
We have strict security requirements; in the past, our Swagger endpoints have been flagged for potential CORS violations and we added CSP headers disabling inline scripts as a result. However, after switching to Springdoc, I noticed that the bundled Swagger html page includes inline script. I need to allow list (ideally via SHA and not just blanket allow inline scripts again) the specific inline script in the html, and to calculate the SHA I need to access the html server-side.
Is there a way to programmatically obtain the processed Swagger html file content? It includes the server context root in the inline script section so I'm pretty sure the final html page has been processed by Springdoc (or swagger-ui).
Describe the solution you'd like
A function/method to get the processed Swagger html page. Or even more ideally, the specific SHA values I can use to specifically allow list the inline script section in the html, though I figured I can probably calculate that if I can get access to the raw html.
Describe alternatives you've considered
I've considered writing server code to call the swagger.html endpoint on itself to get the raw html content but that feels over-engineered.
You have access using your own implementation of SwaggerIndexTransformer.
You can even extend SwaggerIndexPageTransformer.
Then declare your own Spring bean of type SwaggerIndexTransformer: it will be picked up instead of SwaggerIndexPageTransformer, which is provided by springdoc-openapi.
Thanks for the suggestion. I got it working in code, even if it's a bit wonky. As suggested, I'm overriding the SwaggerIndexPageTransformer class in order to add a nonce value to the script tag by doing a simple html.replaceFirst since many default transformations are html.replace anyway.
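The two CSP options discussed in this thread (a SHA-256 hash source for the inline script, and a nonce stamped onto the script tag), as an added example that is not code from the thread or from springdoc-openapi. It uses only the JDK; the class name, helper names and sample HTML are constructed for illustration, and wiring it into a SwaggerIndexTransformer bean is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.regex.*;

public class InlineScriptCsp {
    // Opening tag of an inline script: a <script> element with no src attribute.
    private static final String OPEN = "<script\\b(?![^>]*\\bsrc\\s*=)([^>]*)>";
    private static final Pattern INLINE_OPEN = Pattern.compile(OPEN, Pattern.CASE_INSENSITIVE);
    private static final Pattern INLINE_SCRIPT = Pattern.compile(
            OPEN + "(.*?)</script>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    // Hash sources: SHA-256 over the exact text between the tags, whitespace included.
    static List<String> hashSources(String html) throws Exception {
        List<String> sources = new ArrayList<>();
        Matcher m = INLINE_SCRIPT.matcher(html);
        while (m.find()) {
            byte[] body = m.group(2).getBytes(StandardCharsets.UTF_8);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(body);
            sources.add("'sha256-" + Base64.getEncoder().encodeToString(digest) + "'");
        }
        return sources;
    }

    // Nonce alternative: stamp a per-response random value on every inline script tag.
    static String addNonce(String html, String nonce) {
        return INLINE_OPEN.matcher(html).replaceAll("<script nonce=\"" + nonce + "\"$1>");
    }

    static String newNonce() {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for the transformed index page.
        String html = "<script src=\"./swagger-ui-bundle.js\"></script>\n"
                + "<script>\n  window.onload = function() { init(\"/ctx/v3/api-docs\"); };\n</script>";
        System.out.println("Content-Security-Policy: script-src 'self' "
                + String.join(" ", hashSources(html)));
        String nonce = newNonce();
        System.out.println("Content-Security-Policy: script-src 'self' 'nonce-" + nonce + "'");
        System.out.println(addNonce(html, nonce));
    }
}
```

Because the inline script embeds the server context root, the hash has to be computed over the transformed HTML for each deployment rather than hard-coded. A nonce must be generated fresh for every response and sent in the header of that same response.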