[RFC] Ability to disable entrypoint /api/docs #1568
Comments
|
For Swagger UI, it's already possible: # app/config/config_prod.yml
api_platform:
enable_swagger_ui: false |
It will not be a valid Hydra API (then, client-side tools will not work anymore). I suggest to add a proper authentication layer instead of disabling the entrypoint. |
|
You mean allowing only super-admin users to see the list of entrypoint? In that case the entrypoint will still not be available for tools (so what's the win here?). Actually in my case we don't really care because the only client (for now) is the frontend of the app. I assume this may be the case for many people. Hydra provide features. Shouldn't be able to enable/disable features ? |
Tools can authenticate. But why not an option to disable the entrypoint and the docs: api_platform:
entrypoint: false
docs: false |
|
Tools can authenticate but it's about not showing endpoints to everybody. So only super-admin authentication would make it work. For the option, that's what the issue is about :) .
|
|
Indeed @Nek- feel free to contribute to add these options :). |
Nek-
changed the title
|
Related to #1731 |
|
\o/ |
|
Is it possible to disable all docs except the swagger html version? jsonld has a link header which comes back whenever docs is enabled. However, I only want docs for html. |
Problem
/api/docsin production environmentPartial solution
I don't want that.
Final suggestion of fix
Add a new option that definitely disable this page and replace it by a 404 error.
Please tell me what do you think about and I can handle the PR about.
The text was updated successfully, but these errors were encountered: