Fix guide · medium · swagger_ui_exposed

Interactive Swagger UI exposed in production

What this rule means

A page at /swagger-ui, /api-docs, or /redoc renders an interactive API documentation UI.

Why it matters

Visitors can browse and call your API surface from a browser without any tooling.

How to fix it

  1. Decide whether to keep Swagger UI public.
  2. Verify each endpoint in the spec enforces auth at the handler level.
  3. If the docs are internal-only, strip them from production builds in your CI so they are never deployed.
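As an added example (not part of this guide or the vibecheck tool), a small Python audit that walks an OpenAPI 3.x document, the same JSON that Swagger UI renders, and lists the operations whose declared security is empty or optional. These are the endpoints to check first in step 2; the embedded spec is constructed, and confirming that a handler really enforces auth still means reading the handler.

```python
"""Audit an OpenAPI 3.x document for operations that the spec itself
declares reachable without any security requirement.

Assumption: the spec is loaded as a plain dict (json.load on the file
Swagger UI serves). SAMPLE_SPEC below is constructed for illustration."""
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def is_open(security_requirements):
    """True when a security list grants anonymous access.

    Per the OpenAPI spec, an empty list means no auth is required, and an
    empty requirement object {} inside the list makes auth optional, which
    counts as anonymous access for audit purposes."""
    return len(security_requirements) == 0 or any(req == {} for req in security_requirements)


def unauthenticated_operations(spec):
    """Return sorted 'METHOD /path' strings whose effective security is open.

    An operation-level `security` key overrides the document-level one
    entirely (even when it is an empty list), so the override is checked first."""
    global_security = spec.get("security", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip path-level keys such as parameters, summary, servers
            effective = op.get("security", global_security)
            if is_open(effective):
                findings.append(f"{method.upper()} {path}")
    return sorted(findings)


# Constructed spec: global bearer auth, with two operations opting out of it.
SAMPLE_SPEC = json.loads("""{
  "openapi": "3.0.3",
  "security": [{"bearerAuth": []}],
  "paths": {
    "/health": {"get": {"security": []}},
    "/users": {"get": {}, "post": {"security": [{"bearerAuth": []}]}},
    "/public/feed": {"get": {"security": [{}, {"bearerAuth": []}]}},
    "/admin": {"parameters": [], "delete": {}}
  }
}""")

if __name__ == "__main__":
    for finding in unauthenticated_operations(SAMPLE_SPEC):
        print(finding)  # prints GET /health and GET /public/feed
```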

Did vibecheck flag this on your app?

If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.
