Skip to content

Publicly Accessible API Documentation via Swagger vulnerability remediation #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ibi420 wants to merge 1 commit into
base: 9.x
Choose a base branch
from
Open

Publicly Accessible API Documentation via Swagger vulnerability remediation #73

ibi420 wants to merge 1 commit into from

Conversation

@ibi420
Copy link

@ibi420 ibi420 commented Aug 20, 2025

Description

This change addresses a vulnerability where Swagger API documentation was publicly accessible in production environments. Swagger has now been disabled in production to prevent unauthorised users from discovering sensitive backend routes and internal API details.

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

  • Attempted to access Swagger documentation endpoints (/api/swagger_doc.json, /swagger_doc.json) in a production environment.
  • Verified that requests are redirected to the homepage (/home) and Swagger documentation is no longer exposed.
  • Confirmed that Swagger remains available and functional in development environments for testing and debugging purposes.

Testing Checklist

  • Tested in latest Chrome

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have requested a review from security and project maintainers on the Pull Request

martindolores
martindolores reviewed Aug 25, 2025
View reviewed changes
Copy link

@martindolores martindolores left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome work Ibi, I was able to pull your changes done and setup my environment as Production and was not able to access swagger 🤘

MillicentAmolo
MillicentAmolo reviewed Sep 20, 2025
View reviewed changes
Copy link

@MillicentAmolo MillicentAmolo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good solution. Now structure is clear and appropriate. Wonderful job

AB-Deakin
AB-Deakin approved these changes Sep 24, 2025
View reviewed changes
Copy link

@AB-Deakin AB-Deakin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Peeer reviewed by Alex Brown and approved 25/09/2025

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

3 more reviewers

@martindolores martindolores martindolores approved these changes

@AB-Deakin AB-Deakin AB-Deakin approved these changes

@MillicentAmolo MillicentAmolo MillicentAmolo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ibi420 @martindolores @AB-Deakin @MillicentAmolo