Content Security Policy

Open atul-gawali opened this issue 1 year ago • 7 comments

I am looking for sample code of springwolf-ui (without plugin) using an asyncapi file. I tried the steps provided at https://www.springwolf.dev/docs/faq but couldn't get the springwolf UI generated from my asyncapi file placed in the resources folder of my spring boot app.

atul-gawali avatar Sep 26 '24 18:09 atul-gawali

Welcome to Springwolf. Thanks a lot for reporting your first issue. Please check out our contributors guide and feel free to join us on discord.

github-actions[bot] avatar Sep 26 '24 18:09 github-actions[bot]

Hi @atul-gawali, unfortunately there is no example project for using springwolf-ui as a standalone component. Can you provide more information on what is not working after following the documentation? For example:

  • Does your spring boot backend serve the async api file for the correct path?
  • Does your spring boot backend serve the springwolf ui?
  • Is there an error in the browser?

sam0r040 avatar Sep 27 '24 16:09 sam0r040

Hi @sam0r040, I am also trying to do a similar thing in my spring boot project to render asyncapi json in springwolf-ui. We have an asyncapi.json file and now, based on this json file, we want to generate the async-ui in our spring-boot application.

Q1. Does your spring boot backend serve the async api file for the correct path?

We put the asyncapi.json file in /resources/springwolf/docs as per the documentation. Btw we tried to put the file in /resources/static, /resources and /META-INF/resources/

Q2. Does your spring boot backend serve the springwolf ui?

We added the below springwolf-ui dependency: <groupId>io.github.springwolf</groupId> <artifactId>springwolf-ui</artifactId> <version>1.6.0</version>

Q3. Is there an error in the browser?

No error is showing.

Do we need any properties in application.properties for the filepath of the asyncapi.json file?

abhishekanand1902 avatar Sep 30 '24 05:09 abhishekanand1902

Hi @sam0r040

We wrote a spring boot application by following the documentation https://www.springwolf.dev/docs/faq to display the UI for the asyncapi file (asyncapi.json). But the application doesn't display the details as in the asyncapi file. Here is a screenshot of the browser. [image]

Here is the sample code springwolf-ui.zip. Can you please check the sample code?

ajit2k21 avatar Sep 30 '24 10:09 ajit2k21

@ajit2k21 Have you checked the browser's network tab to see whether the GET request is successful?

Just to double check: The asyncapi file is located at springwolf/docs without any extension (docs is the file name)?

timonback avatar Oct 04 '24 11:10 timonback

@timonback Thanks for the reply. Now I am able to display the asyncapi-ui.html in the sample application. We integrated the springwolf-ui dependency into our product but found some issues with the UI, as below, because our product follows the "Content Security Policy" (Reference: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html), so it blocks the inline CSS and JS. Here is the screenshot of asyncapi-ui.html and its contents. It has inline CSS code. [image]

As per the Content Security Policy, all inline CSS and JS contents must be in external files and linked in HTML files.

Can you please suggest how we can resolve the Content Security Policy issue? Are you planning to work on this issue?

ajit2k21 avatar Oct 17 '24 14:10 ajit2k21

Hi @ajit2k21 , great to hear.

You are welcome to contribute a Content Security Policy to make Springwolf better.

We use a default Angular application setup on the frontend, see the springwolf-ui folder. CSP sounds like a common problem, there are probably helpful guides out there.

timonback avatar Oct 18 '24 13:10 timonback

> Hi @ajit2k21 , great to hear.
>
> You are welcome to contribute a Content Security Policy to make Springwolf better.
>
> We use a default Angular application setup on the frontend, see the springwolf-ui folder. CSP sounds like a common problem, there are probably helpful guides out there.

Is there any update on the "Content Security Policy" enhancement?

ajit2k21 avatar Nov 14 '24 01:11 ajit2k21

We had a look and noticed that CSPs are configured on the webserver and not by Springwolf. We had a look at the necessary configuration changes (switching optimizations off in angular.json) in the build process and decided against it due to the complexity. Even with this change a slightly different CSP-header is required.

sam0r040 avatar May 23 '25 14:05 sam0r040
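
For the inline CSS/JS problem discussed in this thread, the following Node.js script is an added example (not Springwolf code and not from any commenter) that audits a built HTML page for content a CSP without 'unsafe-inline' would block and derives the hash sources a server-side header would need. The function names and the sample HTML are constructed for illustration; the sample is not the real asyncapi-ui.html.

```javascript
const crypto = require("node:crypto");

// CSP hash-source for the exact text content of an inline <script> or <style>.
function cspHash(content) {
  const digest = crypto.createHash("sha256").update(content, "utf8").digest("base64");
  return `'sha256-${digest}'`;
}

// Regex scan suited to auditing build output; it is not a full HTML parser.
function auditInline(html) {
  const report = { scriptHashes: [], styleHashes: [], attributes: [] };
  const blockRe = /<(script|style)\b([^>]*)>([\s\S]*?)<\/\1\s*>/gi;
  for (const [, tag, attrs, body] of html.matchAll(blockRe)) {
    const isScript = tag.toLowerCase() === "script";
    // External scripts (src=...) are matched by host or nonce sources, not hashes.
    if (isScript && /\bsrc\s*=/i.test(attrs)) continue;
    if (body.length === 0) continue;
    (isScript ? report.scriptHashes : report.styleHashes).push(cspHash(body));
  }
  // Inline style="" and on*="" attributes are not covered by a plain hash source.
  const attrRe = /\s(style|on[a-z]+)\s*=\s*("[^"]*"|'[^']*')/gi;
  for (const [, name] of html.matchAll(attrRe)) report.attributes.push(name.toLowerCase());
  return report;
}

// Build a header value that allows only same-origin files plus the hashed blocks.
function buildPolicy(report) {
  const script = ["'self'", ...new Set(report.scriptHashes)].join(" ");
  const style = ["'self'", ...new Set(report.styleHashes)].join(" ");
  return `default-src 'self'; script-src ${script}; style-src ${style}`;
}

// Constructed sample page (assumption, not the real asyncapi-ui.html).
const sampleHtml = `<!doctype html>
<html><head>
<style>body{margin:0}</style>
<link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'">
</head><body>
<div style="color:red">x</div>
<script>window.x=1;</script>
<script src="main.js"></script>
</body></html>`;

const sampleReport = auditInline(sampleHtml);
console.log(buildPolicy(sampleReport));
console.log("Attributes still blocked:", sampleReport.attributes);
```

Anything listed under `attributes` has to be moved into external files (or the build changed so it is not emitted), because hashing the `<script>` and `<style>` blocks does not cover it.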