fix(security): disable reading config params from URL search params (#7697)

Reading configuration parameters from URL search params is by default no longer enabled. To re-enable it, set queryConfigEnabled configuration parameter to true. Functionally, this is a breaking change, but given we're just providing a security vulnerability patch we're considering this a PATCH version bump only. Refs #4872 Refs https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
2021-12-09 17:28:17 +01:00
parent df7749b2fe
commit 01a3e55960
8 changed files with 30 additions and 9 deletions
--- a/test/e2e-cypress/static/index.html
+++ b/test/e2e-cypress/static/index.html
@@ -56,7 +56,8 @@
        } else {
          window.completeCount = 1
        }
-      }
+      },
+      queryConfigEnabled: true,
    })

    window.ui = ui
--- a/test/e2e-cypress/static/pages/5138/index.html
+++ b/test/e2e-cypress/static/pages/5138/index.html
@@ -65,7 +65,8 @@
          } else {
            window.completeCount = 1
          }
-        }
+        },
+        queryConfigEnabled: true,
      })

      window.ui = ui