fix(symfony): make enable_docs a master switch for disabling documentation (#7806)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Fixes #6282

Author: soyuka

src/Symfony/Bundle/DependencyInjection/ApiPlatformExtension.php

@@ -130,6 +130,10 @@ public function load(array $configs, ContainerBuilder $container): void
             if (!isset($config['defaults']['hideHydraOperation']) && !isset($config['defaults']['hide_hydra_operation'])) {
                 $config['defaults']['hideHydraOperation'] = true;
             }
+            // Disabling docs is a master switch: also disable Swagger UI and ReDoc
+            // to prevent HTML documentation from being served on resource endpoints.
+            $config['enable_swagger_ui'] = false;
+            $config['enable_re_doc'] = false;
         }
         $jsonSchemaFormats = $config['jsonschema_formats'];
 

tests/Functional/DocumentationActionTest.php

@@ -24,17 +24,18 @@ class DocumentationActionAppKernel extends \AppKernel
 {
     public static bool $swaggerUiEnabled = true;
     public static bool $reDocEnabled = true;
+    public static bool $docsEnabled = true;
 
     public function getCacheDir(): string
     {
-        $suffix = (self::$swaggerUiEnabled ? 'ui_' : 'no_ui_').(self::$reDocEnabled ? 'redoc' : 'no_redoc');
+        $suffix = (self::$swaggerUiEnabled ? 'ui_' : 'no_ui_').(self::$reDocEnabled ? 'redoc' : 'no_redoc').(self::$docsEnabled ? '' : '_no_docs');
 
         return parent::getCacheDir().'/'.$suffix;
     }
 
     public function getLogDir(): string
     {
-        $suffix = (self::$swaggerUiEnabled ? 'ui_' : 'no_ui_').(self::$reDocEnabled ? 'redoc' : 'no_redoc');
+        $suffix = (self::$swaggerUiEnabled ? 'ui_' : 'no_ui_').(self::$reDocEnabled ? 'redoc' : 'no_redoc').(self::$docsEnabled ? '' : '_no_docs');
 
         return parent::getLogDir().'/'.$suffix;
     }
@@ -47,6 +48,7 @@ protected function configureContainer(ContainerBuilder $c, LoaderInterface $load
             $container->loadFromExtension('api_platform', [
                 'enable_swagger_ui' => DocumentationActionAppKernel::$swaggerUiEnabled,
                 'enable_re_doc' => DocumentationActionAppKernel::$reDocEnabled,
+                'enable_docs' => DocumentationActionAppKernel::$docsEnabled,
             ]);
         });
     }
@@ -158,4 +160,22 @@ public function testJsonDocumentationIsAccessibleWhenSwaggerUiIsEnabled(): void
         $this->assertJsonContains(['openapi' => '3.1.0']);
         $this->assertJsonContains(['info' => ['title' => 'My Dummy API']]);
     }
+
+    public function testEnableDocsFalseDisablesSwaggerUiAndReDoc(): void
+    {
+        DocumentationActionAppKernel::$swaggerUiEnabled = true;
+        DocumentationActionAppKernel::$reDocEnabled = true;
+        DocumentationActionAppKernel::$docsEnabled = false;
+
+        $client = self::createClient();
+
+        $container = static::getContainer();
+        $this->assertFalse($container->getParameter('api_platform.enable_docs'));
+        // enable_docs: false acts as a master switch, forcing these to false
+        $this->assertFalse($container->getParameter('api_platform.enable_swagger_ui'));
+        $this->assertFalse($container->getParameter('api_platform.enable_re_doc'));
+
+        $client->request('GET', '/docs', ['headers' => ['Accept' => 'text/html']]);
+        $this->assertResponseStatusCodeSame(404);
+    }
 }