Swashbuckle.aspnetcore: Using 'http' in develop and 'https' in production

Created on 13 Jan 2017  路  2Comments  路  Source: domaindrivendev/Swashbuckle.AspNetCore

Hey Guys

I am using ASP.Net Core to build a REST Api. We are enforcing https on our production server but not on develop. Is it possible to change the schema so that if env.IsProduction it uses https calls and if env.IsDevelopment it will use http calls?

Thanks for answering my question

picture Franklin89

Most helpful comment

@Franklin89 - by default Swashbuckle omits the "schemes" field in the Swagger output. This means that the swagger-ui tool will construct requests based on the scheme that was used to access the Swagger JSON. So, if you access the swagger-ui over HTTP in development, then that's what will be used to construct requests. And, if you access the swagger-ui over HTTPS in prod, then that will be used to construct requests. So, if I'm understanding your requirements correctly, this should just work correctly in both cases.

However, if you do want to specify an explicit scheme for each environment, you can use @sandorfr's extension OR you can leverage a simple hook to add the environment specific schemes prior to serializing the Swagger document into JSON:

app.UseSwagger(c =>
{
    var schemes = _hostingEnv.IsDevelopment() ? new[] { "http" } : new[] { "https" };
    c.PreSerializeFilters.Add((swagger, httpReq) => swagger.Schemes = schemes);
});
picture domaindrivendev on 25 Jan 2017
👍3

All 2 comments

If you are looking for a quick solution to this issue you can leverage our Swashbuckle extension package.

if (env.IsDevelopment()){
     options.UseSchemes(schemes => schemes.Add("http"));
} else {
     options.UseSchemes(schemes => schemes.Add("https"));
}

This is open source so feel free to copy past library code if you don't want to reference the library ^^.

sandorfr picture sandorfr on 14 Jan 2017

@Franklin89 - by default Swashbuckle omits the "schemes" field in the Swagger output. This means that the swagger-ui tool will construct requests based on the scheme that was used to access the Swagger JSON. So, if you access the swagger-ui over HTTP in development, then that's what will be used to construct requests. And, if you access the swagger-ui over HTTPS in prod, then that will be used to construct requests. So, if I'm understanding your requirements correctly, this should just work correctly in both cases.

However, if you do want to specify an explicit scheme for each environment, you can use @sandorfr's extension OR you can leverage a simple hook to add the environment specific schemes prior to serializing the Swagger document into JSON:

app.UseSwagger(c =>
{
    var schemes = _hostingEnv.IsDevelopment() ? new[] { "http" } : new[] { "https" };
    c.PreSerializeFilters.Add((swagger, httpReq) => swagger.Schemes = schemes);
});
domaindrivendev picture domaindrivendev on 25 Jan 2017
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

govin picture govin  路  3Comments
vanillajonathan picture vanillajonathan  路  3Comments
jluqueba picture jluqueba  路  4Comments
alasvant picture alasvant  路  3Comments
m-demydiuk picture m-demydiuk  路  3Comments