* Handle relative urls for oauth authorization
The full URL is computed based on the currently selected server
if a relative URL is used as authorizationUrl or tokenUrl.
Co-authored-by: Eliot Berriot <contact@eliotberriot.com>
* Add default configuration `preserveAuthorization`
* Add localStorage to auth plugin
* Add persistAuthorization unit tests
* Refactor persistAuthorization to use wrapped actions
* Upgrade unit tests to be compatible with jest
* Add persistAuthorization documentation
Co-authored-by: Tim Lai <timothy.lai@gmail.com>
This commit changes markdown sanitization behaviour in the following way:
`class`, `style` and `data-*` attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.
The original behavior of the sanitizer (before this commit) can be enabled by the *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
* Fix basic-auth.jsx: do not require password in UI
password is not PropTypes.string.isRequired, but the markup wrongly makes it mandatory
* Do not require password input in http-auth.jsx
This is used by the Authorize modal. Not sure when the similar code from basic-auth.jsx is used.
Co-authored-by: kyle shockey <kyle.shockey1@gmail.com>
* clears authentications when logout is clicked
* tests the headers sent in the network request
* adds test for multiple api keys
* refactors tests to extract common uses
* correct test message description
Co-authored-by: kyle shockey <kyleshockey@gmail.com>
* set new bundlesize goal
* preserve `GeneratorFunction` instead of all function names
* use js-yaml fork that doesn't require esprima
* set HTML content directly, instead of using React-Markdown
* use remarkable for all Markdown rendering
* add babel-plugin-transform-react-remove-prop-types
* remove SplitPaneMode plugin
* remove react-collapse
* remove AST plugin, and yaml-js
* trim Markdown HTML string output before rendering
* disable obsolete function name preservation
* add `getComponent` to propTypes
* Use `parameterWithMeta` to get parameter data in <ParameterRow>
* Prefer specPath when fetching resolved subtrees in OperationContainer
* Add test for OAS3 callback rendering
* Remove debugger statement
* Pass base resolution URL directly to Swagger-Client subtree resolver
* Remove accidental comment
* Migrate additional options
* Don't default to empty Map when getting subtree
* fix(validateParam): check for ImList type before using count method
* Use `replaceState` to update `urls.primaryName`
This gives us the stateful URL we want, without:
(a) refreshing the page on update
(b) creating a long, useless history for the user
(c) implying that browser history is two-way bound to Swagger-UI (it isn't, we don't have a router)
* Add `fn.opsFilter` docs and internal API versioning note
* restrict `x-example` functionality to Swagger 2.0
* polish Authorize + Close buttons
* add tachyons; use it for padding the new Reset button
* v3.12.0
* rebuild dist
If the swagger.json defines more than one oauth2 Security scheme with
matching scopes, the ids of the scope checkboxes were not unique.
As a result, the scope for a second security scheme could not be
selected.
By adding the security scheme name to the id, it becomes more unique.