Skip to content

Handling of relative URLs in servers does not follow spec #5401

New issue
New issue
Closed
swagger-api/swagger-js
#1883
Closed
Handling of relative URLs in servers does not follow spec#5401
swagger-api/swagger-js
#1883
@mgabeler-lee-6rs

Description

@mgabeler-lee-6rs
mgabeler-lee-6rs
opened on Jun 14, 2019

Q&A (please complete the following information)

  • OS: Various (macOS, Linux)
  • Browser: Various, at least Chrome
  • Version: ?
  • Method of installation: npm
  • Swagger-UI version: 3.22.3
  • Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

App running behind a reverse proxy that applies a path prefix to all URLs to the app (to host multiple apps on one hostname). E.g. app sees itself hosting things at /, with the spec hosted at /foo/openapi.json and the endpoints at paths like /v1/bar, but actual clients see everything under /a/b/c/app/foo/openapi.json or /a/b/c/app/v1/bar.

Example Swagger/OpenAPI definition (hosted at /foo/openapi.json -- :

{
  "openapi": "3.0.0",
  // ...
  "servers": [
    {
      "url": "../"
    }
  ],
}

Swagger-UI configuration options:
Hosted at /foo/

SwaggerUIBundle({
	url: './openapi.json',
	dom_id: '#swagger-ui',
	deepLinking: true,
	filter: true,
	defaultModelsExpandDepth: 0,
	defaultModelExpandDepth: 0,
	presets: [
		SwaggerUIBundle.presets.apis,
		SwaggerUIStandalonePreset.slice(1) // Disable the top bar
	],
	plugins: [
		SwaggerUIBundle.plugins.DownloadUrl
	],
	layout: 'StandaloneLayout'
})

Describe the bug you're encountering

The UI evaluates the relative URL in the servers list as relative to the protocol+host, not as relative to the spec file. The result is that it tries to send requests to https://hostname../v1/bar -- yes, the .. ends up part of the hostname!

To reproduce...

Steps to reproduce the behavior:

  1. Point swagger-ui at an API spec that uses a path-relative URL for the server, not a host-relative one
  2. Try to use swagger-ui
  3. Observe it sends requests to incorrect URLs

Expected behavior

The swagger ui should obey the OpenAPI specification

Screenshots

image
Note: this is a somewhat simpler use case without the reverse proxy, everything at the root, and the servers[].url entry set to simply ./, but it demonstrates the same failure to handle the relative URL properly.

Additional context or thoughts

This seems to be related to a discrepancy between the OAS specification:
https://swagger.io/specification/#serverObject
vs. swagger's internal documentation:
https://swagger.io/docs/specification/api-host-and-base-path/#relative-urls

OAS spec:

A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served

Swagger docs:

The URLs in the servers array can be relative, such as /v2. In this case, the URL is resolved against the server that hosts the given OpenAPI definition.

(emphasis mine)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions