search

APIs-guru / openapi-directory

🌐 Wikipedia for Web APIs. Directory of REST API definitions in OpenAPI 2.0/3.x format
https://apis.guru/
Creative Commons Zero v1.0 Universal
3.85k stars 577 forks source link

About the $ref in header objects of mozilla.com/kinto/1.14/swagger.yaml #185

Open timburks opened 7 years ago

timburks commented 7 years ago

Is this valid?

When I look in the 2.0 schema or the specification, I don't see any mention of $ref being supported for header objects, although it is specifically mentioned in other parts of the spec, like here.

OTOH, if $ref can be allowed in arbitrary places, I'm confused as to why it is explicitly mentioned in the OpenAPI spec.

MikeRalphson commented 7 years ago

I'll have to take a look. I know I had to modify my converter/validator because of that slightly strange header $ref construct. I'm surprised swagger-parser doesn't flag it up, as that does a validation pass against the schema, but perhaps that uses a modified / loosened version of the official schema? Or perhaps it only validates against the schema after resolving all the $refs, and is using a valid-anywhere JSON-schema approach to $refs.

whitlockjc commented 7 years ago

In 2.0, $ref is not allowed everywhere. The problem depends on how the parsing/validating tools work. If you dereferenced all $ref prior to validating, you're unlikely to see JSON Schema validation errors due to $ref being in the wrong place. If you validate the original source prior to dereferencing the $refs, you should see JSON Schema validation errors if they are in the places not permitted by 2.0.

MikeRalphson commented 7 years ago

@timburks So, the consensus is that it's not valid, but it may not get fixed, owing to us not knowing how many other definitions are affected, as neither of the validators we use spot the problem.

Or is this the only example shown up by Gnostic tools?

Including @gabisurita as the submitter of the definition originally.

whitlockjc commented 7 years ago

Since JSON Reference is a non-OAI thing, I think it's fine to use JSON References wherever you want so long as when you're done processing it and hand it to some OAI tooling, things are where they should be. And then as I type this, I realize that allowing such things could be confusing so maybe it's better to just avoid it and use tooling that catches it?

Speaking of, sway has an open issue to handle this better and I can fix it as soon as I release the updated json-refs this week. I don't expect you to wait for this fix but just giving you a heads up.

MikeRalphson commented 7 years ago

Tim confirmed the Kinto definition is the only one in the collection with this problem.