Swagger UI is changing the protocol in the request from https to http #1006
Comments
|
What's the |
|
Here is the Swagger config in our code.
|
|
Okay, so you use Swagger 2.0. Do you have a |
|
No I don't have a schemes property. |
|
Okay, there may be a bug related to that then as it should use https if the spec is hosted on https. Can you try adding |
|
I'm not sure where I'm supposed to add that. |
|
Take a look here - https://github.com/swagger-api/swagger-spec/blob/master/examples/v2.0/json/petstore-minimal.json#L17-L19 - though of course use https instead of http. I'm not sure how to do that with the library you're using (not sure which library it is actually). |
|
I forgot to mention that we are using go-restful/swagger. |
|
I see, in that case, you're using Swagger 1.2. In the UI, you have a text box with a URL just before the |
|
|
|
Sorry, that was the url without the swagger.json in it....here it the right screen shot. |
|
Okay, so the problem is that your basePath uses http and not https. I'm not familiar with go nor go-resftul so I'm not sure how to fix that, though I assume setting https://github.com/emicklei/go-restful/blob/89af920d613f1e3f771f6460b2629632e7a36ae9/swagger/swagger.go#L119 would solve that issue. |
|
So our base path is relative. Every time we deploy code the server is torn down a rebuilt, thus a new base path with every deploy. |
|
That's fine, but you still need to build it with https and not http if you want the operations to run against https. |
|
I'm not sure what you are saying. |
|
If you look at the JSON you shared, and look at the |
|
webron, could you all explore allowing a schemeless protocol to be entered, e.g., "//" instead of "http://"? This would allow people who do not want to specify/force one protocol over another to access our Swagger docs and try them out. This would not prevent people from being specific about the protocol they wish to use at all, if so desired. For example we have both http and https versions of our web assets using the same doc root, including web services using a schemeless URL approach. See section 4.2 of RFC 3986 that provides for fully qualified URLs that omit protocol (the HTTP or HTTPS) altogether. When a URL’s protocol is omitted, the browser uses the underlying document’s protocol instead. This would allow both (http and https) versions of my Swagger docs to have a working "Try It out!" feature. |
|
@Spin45 - no need to explore. Swagger 2.0 supports it already. |
|
@bretzmo - any update on this? |
|
please reopen if still an issue. |
|
Same issue here. My swagger.json is the following (replacing '...' with some data): {
"swagger": "2.0",
"info": {
"version": "v1",
"title": "Documentation for API",
"description": "..."
},
"host": "apiuat:3030",
"schemes": ["http", "https"],
"paths": {
"...": { ... }
},
"definitions": {
"...": { ... }
}
}And I'm calling the swagger-ui in this function: $(function () {
var version = window.location.href.match(/v\d+(\.\d+)*/); //any v1, v1.2, v1.2.3 ...
version = version && version[0] ? version[0] : 'v1';
var url = window.location.origin + '/docs/' + version;
window.swaggerUi = new SwaggerUi({
url: url,
dom_id: "swagger-ui-container",
validatorUrl: null,
supportedSubmitMethods: ['get', 'post', 'put', 'delete'],
onComplete: function (swaggerApi, swaggerUi) {
log("Loaded SwaggerUI");
$('pre code').each(function (i, e) {
hljs.highlightBlock(e)
});
$('#api_info').addClass('container');
$('input[name=grant_type]').val('password');
},
onFailure: function (data) {
log("Unable to Load SwaggerUI");
},
docExpansion: "none",
apisSorter: "alpha",
//operationsSorter: "alpha"
});
swaggerUi.load();
});When I 'Try it out!' one of my methods, I'm getting the following error on Google Chrome:
Should my swagger.json "schemes" be only ["https"] ? I'm asking this, because I have dev, uat and prod environments and we don't use https in dev (just in uat and production). I'm using Swashbuckle, by the way. Thanks |
|
@brenovieira - I know it looks similar, but it's actually a different issue (or at least potentially). Can you open a separate ticket on it? |
|
@webron - Sure! But I just saw that we're using swagger-ui.js version 2.1.0-alpha.4. I updated to 2.1.0 and we'll deploy to uat environment soon, then I'll test if the latest version (2.1.0) is showing the same problem and I open the issue. |
|
@brenovieira - great, thanks |
|
Hi, @brenovieira I have the same issue, could you please tell me how you resolved your initial issue? Thanks, Siarhei |
|
This work.
|
The request url that I enter contains https but when I click the Try It Out button, the request url that Swagger UI generates contains http. This is causing no data to be received. I can mimic this behavior in a browser and when using https I receive a valid response, but when I use http in the direct browser request I receive No Data Received. I need to figure out why Swagger UI is changing the protocol.
The text was updated successfully, but these errors were encountered: