Issue: Disable Swagger API documentation in production environment #183

@NahomAlemu

Description

The Swagger API documentation at /api/docs is exposed unconditionally in all environments.

Risk: In production, this exposes:

  • All API endpoints and their schemas
  • Authentication mechanisms
  • A detailed attack surface map

Tasks

  • Conditionally enable Swagger only in non-production environments.

Visual Aids

No response
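
One way to implement the task above, as an added example that is not part of the original issue or the project's code. The page does not name the framework, so this uses plain Node-style `(req, res)` handlers; `NODE_ENV`, the environment names, and the `/api/docs-json` and `/api/docs.yaml` spec paths are assumptions. The gate is an allowlist, so an unset or misspelled environment value leaves the docs disabled.

```javascript
// Added example with hypothetical names; not code from the project.
// Environments where docs may be served (assumed names). Anything else,
// including an unset or misspelled NODE_ENV, is treated as production.
const DOCS_ALLOWED_ENVS = new Set(['development', 'test', 'staging']);

// /api/docs is the path from the issue. The pattern also covers sub-paths and
// sibling spec files such as /api/docs-json or /api/docs.yaml (assumed paths).
const DOCS_PATH = /^\/api\/docs(?:[\/.\-]|$)/;

function docsEnabled(env) {
  const name = String(env.NODE_ENV || '').trim().toLowerCase();
  return DOCS_ALLOWED_ENVS.has(name);
}

function isDocsPath(url) {
  // Drop the query string, collapse repeated slashes, and ignore case so a
  // variant spelling that a lenient router would accept is still gated.
  const path = url.split('?')[0].replace(/\/{2,}/g, '/').toLowerCase();
  return DOCS_PATH.test(path);
}

// Wraps an existing (req, res) handler, e.g.
// http.createServer(gateDocs(process.env, app)).
function gateDocs(env, next) {
  const enabled = docsEnabled(env); // decided once, at startup
  return (req, res) => {
    if (!enabled && isDocsPath(req.url)) {
      res.statusCode = 404; // same answer as any unknown route
      res.end('Not Found');
      return;
    }
    next(req, res);
  };
}

// Constructed demo: send one request through the gate and return the status.
function probe(env, url) {
  const res = { statusCode: 0, end() {} };
  const app = (req, r) => { r.statusCode = 200; r.end('ok'); }; // stand-in app
  gateDocs(env, app)({ url }, res);
  return res.statusCode;
}

for (const env of [{ NODE_ENV: 'production' }, { NODE_ENV: 'development' }, {}]) {
  console.log(env.NODE_ENV ?? '(unset)',
    probe(env, '/api/docs'), probe(env, '/API/docs-json?x=1'), probe(env, '/api/users'));
}
```

Where the framework allows it, skipping registration of the docs routes entirely when `docsEnabled` is false achieves the same result without a per-request check.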

Labels: enhancement (New feature or request), security (Vulnerability patches, encryption, or access control)
