starred/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-05-04 18:09:12 +03:00
Code Issues 822 Packages Projects Releases 10 Wiki Activity

Disable swagger by default #6900

New Issue
Closed
opened 2026-02-07 04:15:50 +03:00 by OVERLORD · 2 comments
OVERLORD commented 2026-02-07 04:15:50 +03:00
Owner
Copy Link

Originally created by @goremykin on GitHub (Apr 9, 2025).

Description of the bug

I was very surprised to find Swagger on my public Jellyfin instance (docker container). And I don't see any option how to disable it on Jellyfin side, so had to close it on reverse proxy level.

If this is expected behavior, just close the issue. I guess this is not the expected behavior considering that 99% of users are unlikely to use it and it makes life easier for attackers.
If we talk about resources, then turning off Swagger will not reduce many resources, but on weak devices every resource matters.

Reproduction steps

  1. Run Jellyfin in a docker container
  2. Go to /api-docs/swagger/index.html

What is the current bug behavior?

Swagger UI is opened

What is the expected correct behavior?

404 error

Jellyfin Server version

10.10.0+

Specify commit id

No response

Specify unstable release number

No response

Specify version number

No response

Specify the build version

10.10.7

Environment

- OS:Linux
- Linux Kernel: 6.11
- Virtualization: Docker

Jellyfin logs

Not relevant

FFmpeg logs

Client / Browser logs

No response

Relevant screenshots or videos

No response

Additional information

No response

Originally created by @goremykin on GitHub (Apr 9, 2025). ### Description of the bug I was very surprised to find Swagger on my public Jellyfin instance (docker container). And I don't see any option how to disable it on Jellyfin side, so had to close it on reverse proxy level. If this is expected behavior, just close the issue. I guess this is not the expected behavior considering that 99% of users are unlikely to use it and it makes life easier for attackers. If we talk about resources, then turning off Swagger will not reduce many resources, but on weak devices every resource matters. ### Reproduction steps 1. Run Jellyfin in a docker container 2. Go to /api-docs/swagger/index.html ### What is the current _bug_ behavior? Swagger UI is opened ### What is the expected _correct_ behavior? 404 error ### Jellyfin Server version 10.10.0+ ### Specify commit id _No response_ ### Specify unstable release number _No response_ ### Specify version number _No response_ ### Specify the build version 10.10.7 ### Environment ```markdown - OS:Linux - Linux Kernel: 6.11 - Virtualization: Docker ``` ### Jellyfin logs ```shell Not relevant ``` ### FFmpeg logs ```shell ``` ### Client / Browser logs _No response_ ### Relevant screenshots or videos _No response_ ### Additional information _No response_
OVERLORD added the bug label 2026-02-07 04:15:50 +03:00
OVERLORD commented 2026-02-07 04:15:52 +03:00
Author
Owner
Copy Link

@nielsvanvelzen commented on GitHub (Apr 9, 2025):

This is intended behavior, the API of Jellyfin is public. In normal situations you wouldn't open this document by yourself so it won't consume any resources.

@nielsvanvelzen commented on GitHub (Apr 9, 2025): This is intended behavior, the API of Jellyfin is public. In normal situations you wouldn't open this document by yourself so it won't consume any resources.
OVERLORD commented 2026-02-07 04:15:53 +03:00
Author
Owner
Copy Link

@goremykin commented on GitHub (Apr 9, 2025):

@nielsvanvelzen, Thanks for your answer. Let's close the issue then.
In terms of resources it of course uses some to create and store the schema, but it is too minimal to be an argument.

@goremykin commented on GitHub (Apr 9, 2025): @nielsvanvelzen, Thanks for your answer. Let's close the issue then. In terms of resources it of course uses some to create and store the schema, but it is too minimal to be an argument.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
EFjellyfin.db
area:database
awaiting-feedback
backend
blocked
breaking change: web api
bug
build
ci
confirmed
discussion needed
dotnet future
downstream
duplicate
enhancement
feature
future
github-actions
good first issue
hdr
help wanted
invalid
investigation
librarydb
live-tv
lyrics
media playback
music
needs testing
nuget
performance
platform
pull-request
Mirrored from GitHub Pull Request
 question
regression
release critical
requires-web
roadmap
security
security
stale
support
syncplay
ui & ux
upstream
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/jellyfin#6900
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?