Release 3.0.6 breaks HTTPS support

[Bert-R]

With build 3.0.5, HTTPS worked, though the curl command was wrong. With 3.0.5, the curl command is right, but HTTPS does not work anymore.

To test it go to https://beta.prd.yona.nu/swagger-ui/index.html and try out the first operation, entering asdf in both input fields.

That should result in an error from the server, but currently shows "TypeError: Failed to fetch"

[shockey]

One step forward, two steps back....

Thanks for filing this, @Bert-R!

From the Swagger 2.0 Specification:

schemes: The transfer protocol of the API.

Values MUST be from the list: "http", "https", "ws", "wss". If the schemes is not included, the default scheme to be used is the one used to access the Swagger definition itself.

Looks like we aren't considering the effective URL scheme of relative paths correctly, which is a bug.

In the meantime, adding this to your spec should get things working again:

schemes:
- https

[webron]

[shockey]

Note: this is now testable via https://spotty-cloth.surge.sh/?url=./swagger.yaml, as @Bert-R's URL has been updated with the schemes workaround mentioned above.

[shockey]

@Bert-R, this should be fixed in master now. Please reply if you continue to experience this issue, and I'll reopen.

Thanks for using Swagger!

[Bert-R]

Thanks for fixing this!

Swagger UI is a wonderful tool that we really appreciate.

I'll wait for the 3.0.7 release to upgrade, so we are on a defined version.

[Bert-R]

This works fine in 3.0.7. Thanks a lot!

[ShaneGMamet]

Hey guys,

I've just grabbed master (3.0.19) and am having this exact same issue, see my Stackoverflow post here: https://stackoverflow.com/questions/45156665/swagger-ui-typeerror-failed-to-fetch-on-valid-response

In a nutshell, I've simply upgraded to 3.0.19 then forced a 403 error, instead of getting a 403 - forbidden, it's returning "TypeError: Failed to fetch".

Everything that should be needed is in the Stackoverflow post.

[shockey]

@ShaneGMamet, sorry you're having trouble! What version were you on before you upgraded to the current version?

Also - can you share your spec, or a proof of concept that will help us see the problem?

[ShaneGMamet]

Hey @shockey thanks for the quick response;
Previous version: * @version v2.2.6
The spec is about 50 000+ lines, I've added what I think is the important section below:

"host": "uk-test-api.leap.services",
"schemes": ["https"],`

/api/v1/cards": {
	"get": {
		"tags": ["Cards"],
		"summary": "Getsalistofcardsforafirm.",
		"operationId": "Card_GetCards",
		"produces": ["application/json"],
		"parameters": [{
			"name": "includes",
			"in": "query",
			"description": "Extracardproperties",
			"required": false,
			"type": "string"
		},
		{
			"name": "lastRowVer",
			"in": "query",
			"description": "lastRowVerofpreviousrequest",
			"required": false,
			"type": "string"
		},
		{
			"name": "Authorization",
			"in": "header",
			"description": "AuthToken",
			"required": true,
			"type": "string"
		}],
		"responses": {
			"200": {
				"description": "200response",
				"schema": {
					"$ref": "#/definitions/CardListJson"
				},
				"headers": {
					"Access-Control-Allow-Origin": {
						"type": "string"
					}
				}
			},
			"400": {
				"description": "BadRequest",
				"headers": {
					"Access-Control-Allow-Origin": {
						"type": "string"
					}
				}
			},
			"401": {
				"description": "Unauthorized",
				"headers": {
					"Access-Control-Allow-Origin": {
						"type": "string"
					}
				}
			},
			"403": {
				"description": "Forbidden",
				"headers": {
					"Access-Control-Allow-Origin": {
						"type": "string"
					}
				}
			},
			"404": {
				"description": "NotFound",
				"headers": {
					"Access-Control-Allow-Origin": {
						"type": "string"
					}
				}
			},
			"429": {
				"description": "TooManyRequests",
				"headers": {
					"Access-Control-Allow-Origin": {
						"type": "string"
					}
				}
			},
			"500": {
				"description": "InternalServerError",
				"headers": {
					"Access-Control-Allow-Origin": {
						"type": "string"
					}
				}
			},
			"504": {
				"description": "504GatewayTimeout",
				"headers": {
					"Access-Control-Allow-Origin": {
						"type": "string"
					}
				}
			}
		}

Even better, here's the actual Swagger page currently with the issue: https://api-swagger-uk-test.leap.services/#/

Please let me know if there is more needed?

Thanks

[shockey]

@ShaneGMamet, I tried out your Swagger-UI deploy and could only squeeze a 500 out of your server, since I don't have a valid Authorization token.

A couple questions:

1. Are you seeing any errors in your console after the request fires? If so, please share.
2. What URL is the request going to?

[ShaneGMamet]

@shockey
1 - Here is a screenshot of the actual results from the inspector: 200 - from the OPTIONS, forwarding to the request, which returns a 403.

2 - The URL is HTTPS: https://uk-test-api.leap.services/api/v1/cards

[shockey]

@ShaneGMamet Gotcha. This issue is about fetch failures related to the incorrect URL scheme being used for requests - can I ask you to open a new issue in this repository, so we don't keep nudging the folks that previously commented?

[ShaneGMamet]

@shockey I'll happily open a new issue but how is this related to an incorrect URL scheme?
This has not changed in the Swagger version changing?

[shockey]

Sorry, my sentence was ambiguous 😄 The issue we're commenting on was originally about a problem with the UI incorrectly selecting http as a scheme for requests instead of https, which was solved in version 3.0.7.

Since your request is going through as HTTPS, I'm fairly sure that isn't the source of your trouble, even though you're getting the same error message - so it'd be best to move this discussion into a new GitHub issue.

[ShaneGMamet]

@shockey new issue created: #3403
Thanks