New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide CORS headers configuration for /openapi endpoint #3787
Comments
I assume this should be configurable? |
I guess make them configurable is the most flexible. Always applying CORS headers per default may be a security issue. What's your opinion on this? |
Either make these configurable via |
I had quick look at the current implementation. Here is what I would do:
Would you accept a pull request for this? |
Closed by #3793 |
Provide CORS Headers configuration for /openapi endpoint
Currently, there does not seem to be a way to configure and send proper CORS headers for the /openapi endpoint. According to the Microprofile OpenAPI Spec CORS headers are implementation dependent, but I think this would be a sensible enhancement, so that the API spec can be used and displayed by third party tools like the Swagger UI.
Expected Outcome
I can configure the Microprofile OpenAPI endpoint to emits CORS headers so that the documentation can be used e.g. in the Swagger UI.
Current Outcome
Currently, no CORS headers are added to the /openapi HTTP response. Swagger UI is complaining.
Steps to reproduce (Only for bug reports)
Fire up swagger UI (e.g. using current Docker image) and point it to a /openapi endpoint.
Samples
Context (Optional)
We are currently looking into providing an API catalog for developers for all our Payara based microservices. Proper CORS headers would make this easier. Currently, we have a separate NGINX that adds these headers for us.
Environment
The text was updated successfully, but these errors were encountered: