Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to remove swagger production .net core 2.1

I have swagger working on multiple microservices. When deploying to Azure we need to remove all together the option of swagger due to security best practices. Working with .net core 2.1 Looking for example of definitions.

like image 835
Tzvi Gregory Kaidanov Avatar asked Mar 07 '19 14:03

Tzvi Gregory Kaidanov


People also ask

How do I disable Swagger UI in production?

active=production with @Profile("! production") worked for me to turn off swagger in prod.

Can you use Swagger in production?

3-p2, 2.3. 7-p3), Swagger is disabled automatically in production mode. This means that you can still use it on development machines where it is most important, but not on the live server. It's not possible to easily use Swagger on test or staging systems either while they run in production mode (which they should).

How do I hide a schema in Swagger net core?

How to do it? add this property in your Swagger UI Options defaultModelsExpandDepth: -1 for hide schema section and for more reference refer this swagger.io/docs/open-source-tools/swagger-ui/usage/… Can you please add your swagger ui configuration settings in your question.


2 Answers

First, what "security best practices"? There's nothing wrong with having your API documentation in production. That's actually kind of the whole point: clients should be able to look at the documentation so that they can properly use your API. If these microservices aren't exposed to be used by external clients, then it's even less of an issue, because no one outside can get to the service or the documentation, anyways. If the services are exposed, then they should also be requiring requests to be authorized, and the documentation itself can be locked down via the same mechanism.

Regardless, if you insist on removing this in production, your best bet is to never add it there in the first place. In other words, wrap all your Swagger setup in Startup.cs with if (env.IsDevelopment()) or if you want it available in things like a staging environment: if (!env.IsProduction()).

like image 112
Chris Pratt Avatar answered Sep 17 '22 04:09

Chris Pratt


If you're coming at this from .net core 3.1:

Assuming that the Startup class' constructor copies the injected IConfiguration to a local field called configuration, then you can setup the Configure method like so:

public void configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    var applicationName = configuration.GetValue<string>("ApplicationName") ?? "MyApi";
    var basePath = configuration.GetValue<string>("BasePath");
    if (!string.IsNullOrEmpty(basePath))
        app.UsePathBase(basePath);

    if (!env.IsProduction())
    {
        app.UseSwagger();
        app.UseSwaggerUI(c =>
        {
            c.SwaggerEndpoint($"{basePath}/swagger/v1/swagger.json",
                                $"{applicationName} {ReflectionUtils.GetAssemblyVersion<Program>()}");
        });
    }
}

like image 21
user1007074 Avatar answered Sep 17 '22 04:09

user1007074