-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add ability to exclude some operations from security-defined rule #1570
Conversation
🦋 Changeset detectedLatest commit: 3aa0951 The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Coverage report
Test suite run success738 tests passing in 102 suites. Report generated by 🧪jest coverage report action from 3aa0951 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
Looking at #1569 , it would be better to have the users declare the security as open than to omit it - the benefit to the user is that the good practice is part of their OpenAPI description so will apply throughout the lifecycle and all tools. |
Yes! Definitely it's better and that's why we have this rule. Unfortunately there are cases when it can't be done due to various reasons (like not controlling the openapi description directly multiplied by 100s of APIs). So it's good to have some way for exceptions. |
8a59a0d
to
3aa0951
Compare
What/Why/How?
Adds the ability to exclude some paths or particular operations from the
security-defined
rule.Here's an example:
redocly.yaml
openapi.yaml
The ouput:
Reference
Resolves: #1569
Testing
Screenshots (optional)
Check yourself
Security