You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When inputting values for the API key and bearer token, there's a possibility of autocompletion, which can potentially reveal previously used secrets.
We want these values to remain visible to users as they type, while ensuring that they are not exposed through autocompletion, similar to how it happens when creating secrets in GitHub repositories. As such, we propose to implement a simple solution by setting autoComplete=off for these inputs:
When inputting values for the API key and bearer token, there's a possibility of autocompletion, which can potentially reveal previously used secrets.
We want these values to remain visible to users as they type, while ensuring that they are not exposed through autocompletion, similar to how it happens when creating secrets in GitHub repositories. As such, we propose to implement a simple solution by setting
autoComplete=off
for these inputs:swagger-ui/src/core/components/auth/api-key-auth.jsx
Lines 73 to 78 in 1367a8f
swagger-ui/src/core/plugins/oas3/components/auth/http-auth.jsx
Lines 132 to 138 in 1367a8f
Additional context or thoughts
This issue was raised with #9858
The text was updated successfully, but these errors were encountered: