swagger-ui
Disable autocompletion for authorization secrets
When inputting values for the API key and bearer token, there's a possibility of autocompletion, which can potentially reveal previously used secrets.
We want these values to remain visible to users as they type, while ensuring that they are not exposed through autocompletion, similar to how it happens when creating secrets in GitHub repositories. As such, we propose to implement a simple solution by setting autoComplete=off for these inputs:
https://github.com/swagger-api/swagger-ui/blob/1367a8fbdfddd697b8c71493bb09c01baf17d5a3/src/core/components/auth/api-key-auth.jsx#L73-L78
https://github.com/swagger-api/swagger-ui/blob/1367a8fbdfddd697b8c71493bb09c01baf17d5a3/src/core/plugins/oas3/components/auth/http-auth.jsx#L132-L138
Additional context or thoughts
This issue was raised with https://github.com/swagger-api/swagger-ui/pull/9858
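A regression check for the proposal above, as an added example that is not part of the original issue or of swagger-ui's code: it scans JSX or HTML source for input elements and reports any that do not set autoComplete to off. The sample markup, the `aria-label` value and the function names are constructed for illustration.

```javascript
// Constructed sample resembling an auth form; not swagger-ui's source.
const SAMPLE_JSX = `
<Row>
  <Input type="text" onChange={e => this.onChange(e)} autoFocus />
  <Input
    type="text"
    aria-label="auth-bearer-value"
    autoComplete="off"
    onChange={this.onChange}
  />
  <input type="password" autocomplete={"off"} />
</Row>`;

// Return the opening tag that starts at `start`, skipping any ">" that sits
// inside a {...} expression (such as an arrow function) or a quoted string.
function readOpeningTag(src, start) {
  let depth = 0, quote = null;
  for (let i = start; i < src.length; i++) {
    const c = src[i];
    if (quote) { if (c === quote) quote = null; continue; }
    if (c === '"' || c === "'") quote = c;
    else if (c === "{") depth++;
    else if (c === "}") depth--;
    else if (c === ">" && depth === 0) return src.slice(start, i + 1);
  }
  return src.slice(start); // unterminated tag: return the remainder
}

// List every <input>/<Input> whose opening tag lacks autoComplete="off".
// The attribute name is matched case-insensitively (React: autoComplete,
// HTML: autocomplete); the value may be quoted or a {"off"} expression.
function findInputsMissingAutocompleteOff(src) {
  const findings = [];
  const open = /<input\b/gi;
  const offAttr = /\bautocomplete\s*=\s*(?:"off"|'off'|\{\s*["']off["']\s*\})/i;
  let m;
  while ((m = open.exec(src)) !== null) {
    const tag = readOpeningTag(src, m.index);
    if (!offAttr.test(tag)) {
      const line = src.slice(0, m.index).split("\n").length;
      findings.push({ line, tag: tag.replace(/\s+/g, " ") });
    }
    open.lastIndex = m.index + tag.length; // continue after this tag
  }
  return findings;
}

console.log(findInputsMissingAutocompleteOff(SAMPLE_JSX));
```

Run over the auth component files in CI, a non-empty result flags an input that would still offer previously entered secrets.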
@glowcloud I give a try to this with your recommendation