Skip to content

feat: add HTTP API playground for interactive testing#8

Merged
hkdeman merged 4 commits intomainfrom
claude/issue-6-20250616_182155
Jun 17, 2025
Merged

feat: add HTTP API playground for interactive testing#8
hkdeman merged 4 commits intomainfrom
claude/issue-6-20250616_182155

Conversation

@hkdeman
Copy link
Copy Markdown
Contributor

@hkdeman hkdeman commented Jun 16, 2025

Implements a robust HTTP API playground for testing endpoints directly from MDX documentation.

Features

  • Interactive request configuration with tabbed interface
  • Support for multiple authentication types (Bearer, API Key, Basic)
  • Real-time HTTP request execution and response display
  • Integration with existing MDX documentation system
  • Postman-like experience in API docs

Resolves #6

Generated with Claude Code

@claude @modelorona
feat: add HTTP API playground for interactive API testing
84297b0 
- Add comprehensive APIPlayground component with tabbed interface
- Support for multiple authentication types (Bearer, API Key, Basic)
- Real-time request execution with response formatting
- Integration with existing MDX documentation system
- Demo page showcasing playground functionality
- Postman-like experience directly in API docs

Resolves #6

Co-authored-by: Anguel <modelorona@users.noreply.github.com>
@jazzberry-ai
Copy link
Copy Markdown

jazzberry-ai bot commented Jun 16, 2025
edited
Loading

Bug Report

Name Severity Example test case Description
Improper URL Encoding of Path Parameters Medium Define a path parameter with a value containing special characters like / or #. The code uses encodeURIComponent when replacing path parameters in the URL. The resulting URL might not be correctly encoded, leading to unexpected behavior or even a broken request.

Comments? Email us.

@jazzberry-ai
Copy link
Copy Markdown

jazzberry-ai bot commented Jun 16, 2025
edited
Loading

Bug Report

Name Severity Example test case Description
Potential SSRF vulnerability in APIPlayground High Set baseUrl to http://localhost:8080 in api-playground-demo.mdx and attempt to trigger the request. (Unable to verify due to time constraints) The APIPlayground component uses the baseUrl prop in a fetch request, which could be exploited to make requests to internal services. Due to time constraints, this could not be verified, but the code strongly suggests the vulnerability.

Comments? Email us.

@jazzberry-ai
Copy link
Copy Markdown

jazzberry-ai bot commented Jun 17, 2025
edited
Loading

Bug Report

Name Severity Example test case Description
Authentication Credentials Storage Medium Add an APIPlayground with authType='basic', use React DevTools to inspect the component's state. The APIPlayground component stores authentication credentials in the component's state, potentially exposing them through memory dumps or debugging.

Comments? Email us.

@jazzberry-ai
Copy link
Copy Markdown

jazzberry-ai bot commented Jun 17, 2025
edited
Loading

Bug Report

Name Severity Example test case Description
HTTP Header Injection High Set header key to: X-Injected:Injected Value\r\nContent-Length:0\r\n\r\nX-Payload: Body. Send request. The HeadersTab component allows arbitrary header keys, leading to HTTP header injection. An attacker can inject malicious headers, potentially leading to XSS or cache poisoning.

Comments? Email us.

@hkdeman hkdeman merged commit 8d3f5d4 into main Jun 17, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FR] - HTTP API Playground

1 participant

@hkdeman