-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] - Swagger in production #3434
Comments
These endpoints are in the account module, if you don't need the account module you can remove it. |
I do want the endpoints (/api/account), I just don't want the html pages (/account/login) that open when you call that url. |
I don't understand, can you explain it in detail? Thanks. |
Yeah, so when I run the .Host project and navigate to swagger I see all the available endpoints including: /api/account/login. Also, if I open my browser and navigate to /account/login (no /api here) I see a login page. This behaviour is fine for development. When I publish the project to production, I don't want swagger to be available (so anyone can see all the endpoints). I also would like the page /account/login not to be accessible. However, I don't want the endpoint /api/account/login to be removed. Let me know if you need more details. |
Because the host project is referencing You can override pages, redirects, or whatever in the Of course, you can also remove the account module and try to implement some functions in your own code, but this will be very complicated. |
If I understand you correctly, my best bet is to leave the account module in the project (so I can have the /api endpoints) but try to override the controller method for /account/login (the page) to return a 404 if it is in production environment right? |
You can choose according to your actual situation. |
I am building an API where I am going to be the only consumer. When I publish the project to production I don't want the Swagger API, the /account/login or the /account/register link to be accessible.
I thought about adding an if condition to check the environment on the application initialization around the lines
That might resolve the swagger issue but not the links to /account. I also don't know if that is a good practice.
Does ABP has anything built-in to deal with this situation? If not, what would you recommend?
The text was updated successfully, but these errors were encountered: