Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Swagger-UI schemes error on HTTPS #149

Closed
trestletech opened this issue Jul 27, 2017 · 2 comments
Closed

Swagger-UI schemes error on HTTPS #149

trestletech opened this issue Jul 27, 2017 · 2 comments
Labels
type: bug Maintainers have validated that it is a real bug in the project code
Milestone

Comments

@trestletech
Copy link
Contributor

The page shows an error button at the bottom. Clicking on that opens a new page with this message:

We're using the window.location.protocol which has a colon at the end which is a problem. There may be other issues, too.

{"schemaValidationMessages":[{"level":"error","message":"Can't read from file https://rsc.radixu.com/content/1938/swagger.json?schemes=https:"}]}

@trestletech trestletech added the type: bug Maintainers have validated that it is a real bug in the project code label Jul 27, 2017
@trestletech
Copy link
Contributor Author

Also, the values need to be URL-encoded when sent as query strings.

@trestletech trestletech added this to the v0.4.4 milestone Oct 16, 2017
@trestletech
Copy link
Contributor Author

It turns out this was not due (only) to the schema validation errors, though there were a few. The error was actually coming from the fact that Swagger by default uses a hosted schema validator which has to remotely access the swagger definition file in order to validate it. This means that if your Swagger definition restricted access, then the hosted instance would not be able to access/validate it, resulting in this error.

I haven't tracked down the exact login in play here, but it seems that this behavior is disabled when running locally (perhaps for all IPs) but enabled when running with what appears to be a public URL.

For now I've just disabled the validation since I, for one, found it surprising that this remote service would be involved in scanning your APIs. I believe this repo is what you'd want to run if you were to host this validator internally, but it's Java based and I'm not going to touch that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: bug Maintainers have validated that it is a real bug in the project code
Projects
None yet
Development

No branches or pull requests

1 participant