Petstore no longer honouring explicit HTTPS scheme, and using HTTP instead?

[webron]

From @alzadude on April 11, 2017 13:37

A recent change to the Petstore seems to have broken the explicit HTTPS api call behaviour.

Steps to reproduce:

1. Go to http://petstore.swagger.io
2. Enter swagger url for the api, using HTTPS (e.g. for one of our api calls, use https://imin-platform-api.imin.co/v1/swagger.json)
3. Specify scheme HTTPS
4. Enter required api parameters (e.g. for one of our api calls, use GET /v1/search/sessions)
5. Click Execute

Expected:
Petstore executes api call using HTTPS as specified.

Actual:
Petstore appears to execute api call using HTTP (which for our api, doesn't work unfortunately), and Swagger then shows TypeError: NetworkError when attempting to fetch resource.

Would someone be able to investigate this issue to determine why making the HTTPS scheme explicit isn't working, and why HTTP is being used instead?

Thanks :)

Copied from original issue: swagger-api/swagger-core#2171

[webron]

Seems related to #2904.

[shockey]

So, my PR for #2904 (#2912) does not solve this.

I'll look into it.

cc: @bodnia

[shockey]

Latest master doesn't exhibit this problem (very likely that #2927 fixed it).

Getting a CORS error with this spec:

Fetch API cannot load https://imin-platform-api.imin.co/v1/search/sessions?lat=111&lng=111&radius=111. Response for preflight has invalid HTTP status code 404.

We're requesting with https, so this looks fixed.

@alzadude, this will be included in our Friday release. If you see any lingering problems, please reply here and I'll look into it.

Closing!

[alza-bitz]

Hi @shockey

Looking forward to today's release with this fix :) Would you be able to let me know when the release is done so I can check and test?

Thanks :)

[webron]

@alzadude If you 'watch' the project, you'll get notifications on releases as well (though you'll also get ticket notifications too). In general we try to make releases every Friday, so you can check tomorrow.

[alza-bitz]

Ok @webron thanks :)

[shockey]

@alzadude, I'll do my best to ping you, but releases generally happen at 6PM Pacific time 👍

[alza-bitz]

Hi @shockey, I just tried again but I'm still getting the same TypeError: NetworkError when attempting to fetch resource.. was there a problem with the release, or the release is delayed for some reason?

Thanks :)

[shockey]

@alzadude, we did release on Friday, my apologies for not pinging you here.

It works for me here: http://petstore.swagger.io/?url=https://imin-platform-api.imin.co/v1/swagger.json

Could you empty your caches and give it another try?

[alza-bitz]

Hi @shockey it seems to be working now :) with one exception:

When I add an an api key authorization header, even though the curl output shows HTTPS, I still get TypeError: NetworkError when attempting to fetch resource. :(

I am wondering if this is the same issue, or a new issue?

Thanks :)

[webron]

@alzadude can you share a spec to reproduce?

[lijodigiledge]

swagger 3.0 error
i tried get request

Undocumented	TypeError: NetworkError when attempting to fetch resource.
but in localhost server it is showing 300 redirecting

[r4mbo7]

swagger: '2.0'
info:
  title: End points
  version: "0.1"
  description: Simple API
consumes:
  - application/json
produces:
  - application/json
host: 10.0.2.15:3000

paths:
  /nodes:
    get:
      tags: [Nodes]
      summary: Get all nodes
      description: Get all nodes
      produces:
        - application/json
      responses:
        200:
          description: nodes
          schema:
            type: object

Starting the container as follow

docker run -p 8080:8080 -e SWAGGER_JSON=/ironman/ironman/swagger/swagger.yml -v `pwd`:/ironman swaggerapi/swagger-ui

The curl -X GET "http://10.0.2.15:3000/nodes" -H "accept: application/json" is working fine, but I have Undocumented | TypeError: NetworkError when attempting to fetch resource. from the swagger interface.

[r4mbo7]

Solving it by enabling CORS on the aiohttp server side (using aiohttp_cors)

self.webapp = aiohttp.web.Application()
self.webapp.add_routes(routes)
# Add CORS header for the swagger UI
cors = aiohttp_cors.setup(self.webapp, defaults={
    "*": aiohttp_cors.ResourceOptions(
        allow_credentials=True,
        expose_headers="*",
        allow_headers="*",
    )
})
# Configure CORS on all routes.
for route in list(self.webapp.router.routes()):
    cors.add(route)