Swagger-ui: Release 3.0.6 breaks HTTPS support
With build 3.0.5, HTTPS worked, though the curl command was wrong. With 3.0.5, the curl command is right, but HTTPS does not work anymore.
To test it go to https://beta.prd.yona.nu/swagger-ui/index.html and try out the first operation, entering asdf in both input fields.
That should result in an error from the server, but currently shows "TypeError: Failed to fetch"
Bert-R
All 15 comments
One step forward, two steps back....
Thanks for filing this, @Bert-R!
From the Swagger 2.0 Specification:
schemes: The transfer protocol of the API.Values MUST be from the list: "http", "https", "ws", "wss". If the schemes is not included, the default scheme to be used is the one used to access the Swagger definition itself.
Looks like we aren't considering the effective URL scheme of relative paths correctly, which is a bug.
In the meantime, adding this to your spec should get things working again:
schemes:
- https
shockey
on 15 Apr 2017
webron
on 16 Apr 2017
Note: this is now testable via https://spotty-cloth.surge.sh/?url=./swagger.yaml, as @Bert-R's URL has been updated with the schemes workaround mentioned above.
shockey
on 19 Apr 2017
@Bert-R, this should be fixed in master now. Please reply if you continue to experience this issue, and I'll reopen.
Thanks for using Swagger!
shockey
on 19 Apr 2017
Thanks for fixing this!
Swagger UI is a wonderful tool that we really appreciate.
I'll wait for the 3.0.7 release to upgrade, so we are on a defined version.
Bert-R
on 19 Apr 2017
This works fine in 3.0.7. Thanks a lot!
Bert-R
on 22 Apr 2017
Hey guys,
I've just grabbed master (3.0.19) and am having this exact same issue, see my Stackoverflow post here: https://stackoverflow.com/questions/45156665/swagger-ui-typeerror-failed-to-fetch-on-valid-response
In a nutshell, I've simply upgraded to 3.0.19 then forced a 403 error, instead of getting a 403 - forbidden, it's returning "TypeError: Failed to fetch".
Everything that should be needed is in the Stackoverflow post.
ShaneGMamet
on 18 Jul 2017
@ShaneGMamet, sorry you're having trouble! What version were you on before you upgraded to the current version?
Also - can you share your spec, or a proof of concept that will help us see the problem?
shockey
on 18 Jul 2017
Hey @shockey thanks for the quick response;
Previous version: * @version v2.2.6
The spec is about 50 000+ lines, I've added what I think is the important section below:
"host": "uk-test-api.leap.services",
"schemes": ["https"],`
/api/v1/cards": {
"get": {
"tags": ["Cards"],
"summary": "Getsalistofcardsforafirm.",
"operationId": "Card_GetCards",
"produces": ["application/json"],
"parameters": [{
"name": "includes",
"in": "query",
"description": "Extracardproperties",
"required": false,
"type": "string"
},
{
"name": "lastRowVer",
"in": "query",
"description": "lastRowVerofpreviousrequest",
"required": false,
"type": "string"
},
{
"name": "Authorization",
"in": "header",
"description": "AuthToken",
"required": true,
"type": "string"
}],
"responses": {
"200": {
"description": "200response",
"schema": {
"$ref": "#/definitions/CardListJson"
},
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
},
"400": {
"description": "BadRequest",
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
},
"401": {
"description": "Unauthorized",
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
},
"403": {
"description": "Forbidden",
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
},
"404": {
"description": "NotFound",
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
},
"429": {
"description": "TooManyRequests",
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
},
"500": {
"description": "InternalServerError",
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
},
"504": {
"description": "504GatewayTimeout",
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
}
}
Even better, here's the actual Swagger page currently with the issue: https://api-swagger-uk-test.leap.services/#/
Please let me know if there is more needed?
Thanks
ShaneGMamet
on 18 Jul 2017
@ShaneGMamet, I tried out your Swagger-UI deploy and could only squeeze a 500 out of your server, since I don't have a valid Authorization token.
A couple questions:
1) Are you seeing any errors in your console after the request fires? If so, please share.
2) What URL is the request going to?
shockey
on 18 Jul 2017
@shockey
1 - Here is a screenshot of the actual results from the inspector: 200 - from the OPTIONS, forwarding to the request, which returns a 403.
2 - The URL is HTTPS: https://uk-test-api.leap.services/api/v1/cards
ShaneGMamet
on 18 Jul 2017
@ShaneGMamet Gotcha. This issue is about fetch failures related to the incorrect URL scheme being used for requests - can I ask you to open a new issue in this repository, so we don't keep nudging the folks that previously commented?
shockey
on 18 Jul 2017
@shockey I'll happily open a new issue but how is this related to an incorrect URL scheme?
This has not changed in the Swagger version changing?
ShaneGMamet
on 18 Jul 2017
Sorry, my sentence was ambiguous 馃槃 The issue we're commenting on was originally about a problem with the UI incorrectly selecting http as a scheme for requests instead of https, which was solved in version 3.0.7.
Since your request is going through as HTTPS, I'm fairly sure that isn't the source of your trouble, even though you're getting the same error message - so it'd be best to move this discussion into a new GitHub issue.
shockey
on 18 Jul 2017
@shockey new issue created: https://github.com/swagger-api/swagger-ui/issues/3403
Thanks
ShaneGMamet
on 18 Jul 2017
Related issues
DavidBiesack
路
4Comments
ankon
路
4Comments
LaysDragon
路
3Comments
fehguy
路
3Comments
deepumi
路
3Comments
Most helpful comment
This works fine in 3.0.7. Thanks a lot!