Wrong host in Swagger JSON in v9.0.0

[nhhagen]

Context

• hapi-swagger version: v9.0.0

What are you trying to achieve or the steps to reproduce ?

E.g accessing http://my-hostname:8443/documentation allows me to run requests, accessing http://localhost:8443/documentation does not allow me to requests. Using curl I can run my requests.

It turns out the swagger JSON is not generated with the host from the request header like it used to.

In ./lib/builder.js L150 the host is now read from the server configuration and not the request host header. This causes the swagger ui only to be useable from the address that is selected by hapi as the server address. This was changed between v7.x and v9.0.0

https://github.com/glennjones/hapi-swagger/blob/v9.0.0/lib/builder.js#L150

https://github.com/glennjones/hapi-swagger/blob/v7.9.1/lib/builder.js#L159

v7.9.1...v9.0.0#diff-dde50c51d91de11d407f53423f3baeecL159

// request.server.info
{ created: 1515067607426,
  started: 1515067607573,
  host: 'my-hostname',
  port: 8443,
  protocol: 'http',
  id: 'my-hostname:34645:jc0g4vpe',
  uri: 'http://my-hostname:8443',
  address: '0.0.0.0' }

// request.info
{ received: 1515067609350,
  remoteAddress: '127.0.0.1',
  remotePort: 56542,
  referrer: 'http://localhost:8443/swaggerui/css/screen.css',
  host: 'localhost:8443',
  hostname: 'localhost',
  id: '1515067609350:my-hostname:34645:jc0g4vpe:10025',
  acceptEncoding: 'gzip',
  cors: null,
  responded: 0 }

As a workaround one can do (but is an ugly hack):

  server.ext('onRequest', async (request, h) => {
    request.headers['x-forwarded-host'] = (request.headers['x-forwarded-host'] || request.info.host);
    return h.continue;
  });

[duro]

Can confirm this issue is happening to us as well

[feugy]

Hi!
I confirm I'm having the issue as well. The fix solves it.

As a temporary workaround, setting cors on the targeted server fixes it also.

[gino8080]

confirm same error

using @nhhagen fix works for now

[Glockenbeat]

Wouldn't it be much better to simply use a relative path and ignore the host? There are so many scenarios I can think of right now which would make it much more necessary to not deal with the Hapi server configuration but just use the host the documentation is currently viewed with, e.g. a proxied or containerized environment.

[alexbfreeman]

Happening to me as well. I would prefer not to use the ugly hack. I'm using hapi-require-https for http redirect and it seems to do server.ext. I'm afraid the hack would overwrite what hapi-require-https is doing. Or maybe I just don't understand how it works...

[brandoncollins7]

Any solution for this?

[adonisv79]

@nhhagen thanks. it works! hope this was built in such that if hapi's host = 0.0.0.0, hapi-swagger uses the host's current IP directly...

[danielo515]

I'm also facing this problem with hapi 17.5.0 and hapi-swagger 9.1.1
If I navigate to localhost/documentation requests are made to my hostname instead of to localhost (my hostname is something like myname.local ). I have to navigate to 0.0.0 to be able to perform the tests correctly. This is very annoying for a piece of software so useful and that works so well.
Hope it gets fixed soon.

[imcodingideas]

I also, am experiencing the same thing from my end.

[cpomerantz]

The address should definitely not come from the server, it should either be relative or from the browser. In the case of the server residing behind a load balancer (I am experiencing this issue), if the IP Address of the server is used then the client will never be able to reach the server if the servers behind the firewall are not directly exposed to the browser.

[jrpedrianes]

Any update on this issue?

[robmcguinness]

Closed with the release of v9.1.2