swagger-ui
Define nginx headers using environment variables or config.json for Docker deployment
Content & configuration
Swagger/OpenAPI definition: N/A
Swagger-UI configuration options: BASE_URL CONFIG_URL OAUTH_USE_PKCE
Is your feature request related to a problem?
It would be useful to be able to define custom response headers, both for configuration and security purposes, without customizing the docker image to do so. In particular setting headers like X-Frame-Options, Strict-Transport-Security, and X-Robots-Tag.
Describe the solution you'd like
My ideal solution would be one or both of the following:
a. Add a new array config parameter to my config.json file called responseHeaders that would allow an array of key value pairs to be defined which would be added to the headers of each response. Something like:
{
  "responseHeaders": [
    {
      "X-Frame-Options": "SAMEORIGIN"
    },
    {
      "X-Robots-Tag": "noindex"
    }
  ]
}
b. Perhaps an environment variable that allows similar headers to be defined which might look something like this:
"RESPONSE_HEADERS": "X-Frame-Options=SAMEORIGIN,X-Robots-Tag=noindex"
Describe alternatives you've considered
The only viable alternative I'm aware of would be to make my own docker image, make a copy of your nginx.conf file and modify it to add the headers in question. This is less desirable as it creates the opportunity for configuration drift as things are changed in the official swagger-ui Docker image.
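Added example, not part of the original issue and not swagger-ui code: a sketch of how an entrypoint script could turn the proposed `RESPONSE_HEADERS` value (option b) into nginx `add_header` directives while rejecting values that could break out of the quoted string. `RESPONSE_HEADERS` is the variable proposed above, not an existing swagger-ui option; the function name `render_response_headers` is hypothetical, and where the output gets included in the nginx configuration is left open.

```shell
#!/bin/sh
# Added example. RESPONSE_HEADERS is the variable proposed in the issue,
# not an option swagger-ui provides; render_response_headers is hypothetical.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Print one nginx add_header directive per NAME=VALUE pair in $1.
# Exits non-zero and prints nothing on stdout if any pair is malformed.
# The body runs in a subshell so IFS and 'set -f' do not leak to the caller.
render_response_headers() (
    set -f                    # no filename globbing while splitting
    IFS=,                     # pairs are comma-separated
    out=
    for pair in $1; do
        case $pair in
            *=*) ;;
            *) echo "rejected (no '='): $pair" >&2; exit 1 ;;
        esac
        name=${pair%%=*}      # text before the first '='
        value=${pair#*=}      # the rest; may itself contain '=' and ';'
        case $name in
            ''|*[!A-Za-z0-9-]*)
                echo "rejected header name: $name" >&2; exit 1 ;;
        esac
        # Allow-list for values: quotes, backslashes, '$', braces, newlines
        # and control characters are refused because they could end the
        # quoted string or inject further nginx directives.
        case $value in
            ''|*[!A-Za-z0-9\ _.:\;=/-]*)
                echo "rejected value for $name" >&2; exit 1 ;;
        esac
        out="${out}add_header ${name} \"${value}\" always;
"
    done
    printf '%s' "$out"
)

# Demo using the sample value from the issue when the variable is unset.
render_response_headers "${RESPONSE_HEADERS:-X-Frame-Options=SAMEORIGIN,X-Robots-Tag=noindex}"
```

Because the proposed format uses `,` as the pair separator, a header value that itself contains a comma cannot be expressed this way; the JSON form in option a does not have that limitation.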
@char0n is this fixed with the EMBEDDING variable?
@ponelat nope. This issue represents a request for a feature that can currently be achieved by adding an additional docker layer (by extending the swagger-ui image).
EMBEDDING specifically deals with the X-Frame-Options and Content-Security-Policy headers, and sets them to certain defaults with the ability to override.
As mentioned in https://github.com/nginxinc/docker-nginx/issues/825#issuecomment-1682820833, this feature is easily attainable by other means.
@ponelat nope. This issue represents a request for a feature that can currently be achieved by adding an additional docker layer (by extending the swagger-ui image).
EMBEDDING specifically deals with the X-Frame-Options and Content-Security-Policy headers, and sets them to certain defaults with the ability to override.
As mentioned in nginxinc/docker-nginx#825 (comment), this feature is easily attainable by other means.
The EMBEDDING does address one of the parameters described above, which is the more important of the two for me.
As for the other parameters mentioned, like X-Robots-Tag, I acknowledged above that this functionality could be achieved by copying your nginx.conf file and modifying it, but that this would likely require a separate customized docker image. The solution proposed on the nginxinc repo, which involves customizing containers at runtime by maintaining custom config assets on the host, is a suboptimal solution for a variety of environments, including serverless containers like Fargate, but presumably others as well.
The most optimal solution is to be able to declare these configuration parameters at runtime within the described framework of either the container configuration itself or a config asset that the application is already expecting to retrieve, as is the case with the CONFIG_URL. I realize this approach has its limitations, but that is why this feature request was submitted for consideration.