Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix OpenAPI server URLs for Aspire scenarios #60673

Open
wants to merge 3 commits into
base: release/9.0
Choose a base branch
from
Open

Fix OpenAPI server URLs for Aspire scenarios #60673

wants to merge 3 commits into from
+63 −8

Conversation

captainsafia
Copy link
Member

@captainsafia captainsafia commented Feb 28, 2025
edited
Loading

Description

This PR supports respecting he X-Forwarded-Proto and X-Forwarded-Host headers when generating server URLs in OpenAPI documents. When these headers are present in the request, the OpenAPI document service will use them to generate the correct server URLs instead of using the original host and scheme values derived from the service configuration.

This is particularly useful in environments where the API is behind a proxy, load balancer, or gateway, allowing the generated OpenAPI document to correctly reference the public-facing URL rather than the internal service URL.

Fixes #57332

Customer Impact

Without this change, documents served behind reverse proxies or forwarded endpoints do not reflect the correct service URl, particularly impact for the ASP.NET Core + Aspire scenario. While the issue is easy to workaround, we want a smoother experience with Aspire out-of-the-box.

Regression?

  • Yes
  • No

Risk

  • High
  • Medium
  • Low

Low-risk, becase change as it only affects the generation of server URLs in OpenAPI documents and does not impact the actual API functionality.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@captainsafia
Support resolving OpenAPI server URLs from HttpRequest (#60617)
2f2b731 
* Support resolving OpenAPI server URLs from HttpRequest

* Try passing optional params everywhere
@captainsafia
Fix up handling for forwarded headers
bf991f6
@Copilot Copilot bot review requested due to automatic review settings February 28, 2025 23:54
@captainsafia captainsafia requested a review from a team as a code owner February 28, 2025 23:54
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates label Feb 28, 2025
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Feb 28, 2025
Copilot
Copilot AI reviewed Feb 28, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR fixes the generation of OpenAPI server URLs in proxy scenarios by properly using X-Forwarded-Proto and X-Forwarded-Host headers to compute the externally accessible URLs.

  • Adds new tests to validate behavior with different forwarded header values.
  • Updates the OpenApiDocumentService API to accept an optional HttpRequest parameter and adjust server URL construction accordingly.
  • Modifies the endpoint extension to propagate the HttpRequest to the document service.

Reviewed Changes

File Description
src/OpenApi/test/Microsoft.AspNetCore.OpenApi.Tests/Services/OpenApiDocumentService/OpenApiDocumentServiceTests.Servers.cs Introduces tests validating the use of forwarded headers and expected URL generation.
src/OpenApi/src/Services/OpenApiDocumentService.cs Updates method signatures and logic to use the optional HttpRequest for URL generation.
src/OpenApi/test/Microsoft.AspNetCore.OpenApi.Tests/Services/OpenApiDocumentServiceTestsBase.cs Updates verification calls to pass null for the httpRequest parameter where not applicable.
src/OpenApi/src/Extensions/OpenApiEndpointRouteBuilderExtensions.cs Adjusts method calls to pass the HttpRequest in order to leverage the new URL generation logic.

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

@captainsafia captainsafia added feature-openapi area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc Servicing-consider Shiproom approval is required for the issue labels Feb 28, 2025
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Hi @captainsafia. Please make sure you've updated the PR description to use the Shiproom Template. Also, make sure this PR is not marked as a draft and is ready-to-merge.

To learn more about how to prepare a servicing PR click here.

This was referenced Mar 1, 2025
Open
Open
@captainsafia captainsafia mentioned this pull request Mar 3, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot

@BrennanConroy BrennanConroy

Assignees
No one assigned
Labels
area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates feature-openapi Servicing-consider Shiproom approval is required for the issue
Projects
None yet
Milestone
9.0.x
Development

Successfully merging this pull request may close these issues.
2 participants
@captainsafia @BrennanConroy