Univention Bugzilla – Bug 56714
Hide UDM REST API web interface
Last modified: 2023-10-25 16:31:02 CEST
We should deactivate the web interface of the UDM REST API by default. It is undocumented and unsupported. If a customer stumbles upon it, they may just be confused. We should deactivate it via UCR by default and allow activation if really needed.
At this point: Nice to have, not escalating.
The HTML web interface is now hidden behind the error message: The unsupported HTML view of the UDM REST API is disabled. Please use the JSON interface via the "Accept: application/json" HTTP header or enable it via the UCR variable "directory/manager/rest/html-view-enabled". To get a developer overview the OpenAPI schema interface can be reached at /univention/udm/schema/. univention-directory-manager-rest.yaml e6940167c368 | feat(udm-rest): deactivate HTML view of UDM REST API via UCR variable univention-directory-manager-rest (10.0.6-13) e6940167c368 | feat(udm-rest): deactivate HTML view of UDM REST API via UCR variable 20871bef4354 | feat(udm-rest): adjust styling of HTML view to align with the UCS 5.0 design
univention-directory-manager-rest (10.0.6-14) 3b2c5655e204 | fix(udm-rest): fix openapi.json access when no "Accept: application/json" is given.
QA: - advisories: OK - HTML view of the UDM REST API is disabled by default: OK - Error message is displayed when accessing the disabled UDM REST API HTML view: OK - HTML view of the UDM REST API can be reached after directory/manager/rest/html-view-enabled=true: OK - OpenAPI schema interface can be reached at /univention/udm/schema/: OK
<https://errata.software-univention.de/#/?erratum=5.0x856>