Makes the last `initOAuth` variable configurable via environment
variables in the swagger-ui docker image.
Co-authored-by: Christopher Giroir <chrisgiroir@improbable.io>
Co-authored-by: Tim Lai <timothy.lai@gmail.com>
Reading configuration parameters from URL search params
is by default no longer enabled. To re-enable it, set the queryConfigEnabled
configuration parameter to true.
Functionally, this is a breaking change, but given we're just providing
a security vulnerability patch we're considering this a PATCH version bump
only.
Refs #4872
Refs https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx
This commit provides a backward compatible mechanism to chain wrap
an individual component multiple times
`Chain` mode: allow chaining of plugins on a given component
`Legacy` mode: last plugin to wrap a given component will supersede others
* chore: Add unit test for wrapComponent wrapping
* doc: Add documentation about the new pluginsOptions configuration
* doc: Add a sidenote on plugin-api page
Co-authored-by: Tim Lai <timothy.lai@gmail.com>
* feat: add tryItOutEnabled configuration
allow users to set tryItOutEnabled: true to display
the "Try it out" section by default
tryItOutEnabled to take === "true" for the
query string value or === true if someone
implements query string type parsing in the query
* Add default configuration `preserveAuthorization`
* Add localStorage to auth plugin
* Add persistAuthorization unit tests
* Refactor persistAuthorization to use wrapped actions
* Upgrade unit tests to be compatible with jest
* Add persistAuthorization documentation
Co-authored-by: Tim Lai <timothy.lai@gmail.com>
This commit changes markdown sanitization behaviour in the following way:
class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.
The original behavior of sanitizer (before this commit) can be enabled by *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
* Add the withCredentials configuration key
It enables passing credentials in CORS requests. e.g. Cookies and
Authorization headers.
* Improve withCredentials documentation
* Add unit tests for the withCredentials config
* Update configuration.md
* Update configuration.md
* only set `withCredentials` Fetch flag if the config value is truthy
There are some workarounds in the wild today that involve setting `withCredentials` on `system.fn.fetch` directly.
This approach avoids mangling those existing workarounds!
* add more test cases
* Update configs-wrap-actions.js
* Update index.js
* add `onFound` callback to schemas
* add warning to method docs (for #4957)
* implement Docker OAuth2 init block support
* update docs
* add OAUTH_SCOPE_SEPARATOR
* drop OAuth env from Dockerfile and run script
* don't indent the first oauth block line
* drop unused `dedent` import
* touch up warning message
* add more test cases
* return an empty block if no OAuth content is generated
* fix broken doc line
* Updated 'urls' (An array of API definition objects) description.
Updated 'urls' (An array of API definition objects) description to show an actual object array containing two (2) urls, clarifying this configuration-option.
* urls is an array, not a string
* extend getExtensions
Add optional param to getExtensions that can retrieve more stuff
* Add getCommonExtensions
* Trim trailing spaces
* Remove unused parameter
* Move the format inline with the param type
* correction to UnitTest