mirror
/
tiangolo.fastapi
mirror of https://github.com/tiangolo/fastapi
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Marvis [ FastAPI ] Fix hardcoded CDN URLs in Swagger UI and ReDoc HTML generation 

Pin CDN URLs to specific stable versions instead of major version ranges:
- swagger-ui-dist@5 → [email protected]
- redoc@2 → [email protected]

This prevents potential breakage when new major versions introduce
breaking changes to the CDN assets.

Related: UnsafeLabs/Bounty-Hunters#762
pull/15634/head
aronzhan 2 weeks ago
parent
91dba4484d
commit
8c84101e1c
3 changed files with 8 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      fastapi/openapi/.generation_meta.json
  2. 6
      fastapi/openapi/docs.py
  3. 2
      tests/test_application.py

4
fastapi/openapi/.generation_meta.json
View File

@ -0,0 +1,4 @@
{
"agent": "Marvis",
"date": "2026-05-29T00:25:14.5754419+08:00"
}

6
fastapi/openapi/docs.py
View File

@ -76,7 +76,7 @@ def get_swagger_ui_html(
[FastAPI docs for Custom Docs UI Static Assets](https://fastapi.tiangolo.com/how-to/custom-docs-ui-assets/)
"""
),
] = "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui-bundle.js",
] = "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5.20.1/swagger-ui-bundle.js",
swagger_css_url: Annotated[
str,
Doc(
@ -89,7 +89,7 @@ def get_swagger_ui_html(
[FastAPI docs for Custom Docs UI Static Assets](https://fastapi.tiangolo.com/how-to/custom-docs-ui-assets/)
"""
),
] = "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
] = "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5.20.1/swagger-ui.css",
swagger_favicon_url: Annotated[
str,
Doc(
@ -233,7 +233,7 @@ def get_redoc_html(
[FastAPI docs for Custom Docs UI Static Assets](https://fastapi.tiangolo.com/how-to/custom-docs-ui-assets/)
"""
),
] = "https://cdn.jsdelivr.net/npm/redoc@2/bundles/redoc.standalone.js",
] = "https://cdn.jsdelivr.net/npm/redoc@2.7.0/bundles/redoc.standalone.js",
redoc_favicon_url: Annotated[
str,
Doc(

2
tests/test_application.py
View File

@ -43,7 +43,7 @@ def test_redoc():
response = client.get("/redoc")
assert response.status_code == 200, response.text
assert response.headers["content-type"] == "text/html; charset=utf-8"
assert "redoc@2" in response.text
assert "redoc@2.7.0" in response.text
def test_enum_status_code_response():

Write Preview
Loading…
Cancel
Save