The query string 'url' and 'filter' are invalid #7983

Open
Maxwell1987 opened this issue Apr 17, 2022 · 3 comments

@Maxwell1987

When I use docker.io/swaggerapi/swagger-ui:v4.1.2, I can use http://domain?url=xxx.yaml&filter=true to directly access xxx.yaml when opening the page, and display the filter.

From docker.io/swaggerapi/swagger-ui:v4.1.3 to docker.io/swaggerapi/swagger-ui:v4.10.3, the query strings 'url' and 'filter' are invalid.

  • OS: macOS
  • Browser: firefox
  • Version: 99.0.1
  • Method of installation: docker
  • Swagger-UI version: 4.1.3 to 4.10.3
  • Swagger/OpenAPI version: OpenAPI 3.0

?yourQueryStringConfig

?url=path_to_yaml_url&filter=true

@sam-ludlow

I've seen this.

Just static serve the "dist" folder from release / asset / sourcecode.zip

Pass ?url=mySwagger.yaml

Last version that works is swagger-ui-4.1.2

@Gama11

Gama11 commented Apr 26, 2022

I've also run into this, although I just discovered that this was apparently an intentional change:

https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3

Bug Fixes

security: disable reading config params from URL search params (#7697) (01a3e55), closes #4872, security advisory GHSA-qrmm-w75w-3wpx

Note: to re-enable the functionality of reading config params from URL, set new queryConfigEnabled core parameter to true. More info in documentation.

What's awkward about this is that urls.primaryName is still automatically added when selecting a definition from the dropdown, it just doesn't do anything. Also a bit strange that such a breaking change was made in a patch release.

@Maxwell1987
Author

So that's the reason. I didn't expect to have this change in a patch release, nor did I think to check the documentation.

For security reasons, it is actually possible to add a uri parameter, which would be convenient for scenarios like mine where documents are stored centrally. In fact, I would prefer uri to url.
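
One way to cover the centrally stored documents case from the last comment while leaving queryConfigEnabled off, as an added example that is not part of the thread or Swagger UI's own code: the page's initializer reads ?url= and ?filter= itself and accepts the URL only when its origin is on an allowlist. The origins, the default spec path and the function names are assumptions.

```javascript
// Added example; ALLOWED_SPEC_ORIGINS, DEFAULT_SPEC, resolveSpecUrl and
// buildConfig are hypothetical names, and the hosts are constructed values.
const ALLOWED_SPEC_ORIGINS = ["https://docs.example.internal"];
const DEFAULT_SPEC = "https://docs.example.internal/specs/default.yaml";

// Return the definition URL to load. The ?url= value is used only if it
// parses, is https, carries no embedded credentials, and its origin is on
// the allowlist; anything else falls back to the default definition.
function resolveSpecUrl(pageHref) {
  const requested = new URL(pageHref).searchParams.get("url");
  if (!requested) return DEFAULT_SPEC;

  let candidate;
  try {
    // Relative values such as "xxx.yaml" resolve against the page itself.
    candidate = new URL(requested, pageHref);
  } catch {
    return DEFAULT_SPEC; // unparseable input
  }

  if (candidate.protocol !== "https:") return DEFAULT_SPEC;
  if (candidate.username || candidate.password) return DEFAULT_SPEC;
  // Compare the parsed origin, never a substring or prefix of the raw text.
  if (!ALLOWED_SPEC_ORIGINS.includes(candidate.origin)) return DEFAULT_SPEC;
  return candidate.href;
}

// Build the Swagger UI configuration object for this page load.
function buildConfig(pageHref) {
  const params = new URL(pageHref).searchParams;
  return {
    url: resolveSpecUrl(pageHref),
    // Only the literal "true" enables the filter box.
    filter: params.get("filter") === "true",
    // Swagger UI itself still ignores URL search params (default since 4.1.3).
    queryConfigEnabled: false,
    dom_id: "#swagger-ui",
  };
}

// In the page's initializer script:
//   SwaggerUIBundle(buildConfig(window.location.href));
```
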
