You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The OpenAPI header info text is auto generated by Quarkus to something like app-name version (quarkus quarkus-version).
Today, it can only be customize by providing a style.css file, but it needs to provides all the styles in it and not juste the one that need to be customize as style.css will replace the generated one. It's also a little complex to provide a CSS to manage text content.
The current text value can be an issue if OpenAPI is planed to be deployed on production as it contains technical information so it's a security vulnerability as defined in the OWASP top 10 vulnerabilities: information disclosure.
Quarkus may provide a way to easily customize this text.
Implementation ideas
Provide a way to customize the header info text via application.properties
quarkus.swagger-ui.header-info=foo bar
Another solution would be to provide an header-info-enable property and not a custimization. Both solutions are OK for me.
The text was updated successfully, but these errors were encountered:
Description
The OpenAPI header info text is auto generated by Quarkus to something like
app-name version (quarkus quarkus-version)
.Today, it can only be customize by providing a
style.css
file, but it needs to provides all the styles in it and not juste the one that need to be customize as style.css will replace the generated one. It's also a little complex to provide a CSS to manage text content.The current text value can be an issue if OpenAPI is planed to be deployed on production as it contains technical information so it's a security vulnerability as defined in the OWASP top 10 vulnerabilities: information disclosure.
Quarkus may provide a way to easily customize this text.
Implementation ideas
Provide a way to customize the header info text via
application.properties
Another solution would be to provide an
header-info-enable
property and not a custimization. Both solutions are OK for me.The text was updated successfully, but these errors were encountered: