Failed to fetch http://somefunctionname.azurewebsites.net/swagger.json - The page was loaded over https:// but a http:// URL was specified

[dr-dolittle]

Microsoft.Azure.WebJobs.Extensions.OpenApi v0.8.1-preview

The extension works locally when I make a request to https://somefunctionname.azurewebsites.net/swagger/ui. When I deploy the Azure Function to Azure https://somefunctionname.azurewebsites.net/swagger.json also works. But when I try https://somefunctionname.azurewebsites.net/swagger/ui I get

Fetch errorFailed to fetch http://somefunctionname.azurewebsites.net/swagger.json
Fetch errorPossible mixed-content issue? The page was loaded over https:// but a http:// URL was specified. Check that you are not attempting to load mixed content.

When I then update the Explore URI to https it works

Is this a bug or do I miss a setting to work with HTTPS on the first request?

Thanks

[justinyoo]

@dr-dolittle Thanks for the issue! Would you please provide more details on your AzFunc app instance details?

1. Windows instance or Linux instance
2. Force HTTPS only or not

[dr-dolittle]

@justinyoo Linux, HTTPS only

[justinyoo]

@justinyoo Linux, HTTPS only

Thanks for confirming that. It's a known issue on the Linux instance. If you deploy it to the Windows instance, it won't happen. It's something we can't handle.

/cc @fabiocav @jeffhollan

[mlowijs]

@justinyoo What do you mean it is something you can't handle? Is it not possible to offer this as a configuration option or something like that?

[justinyoo]

It's not the issue on the extension side.

That only occurs on the Linux-based instance, which I suspect that the instance internally uses a reverse proxy or something similar to handle all the traffic in HTTP, not HTTPS.

Alternatively, as the UI script relies on https://github.com/swagger-api/swagger-ui, it's better to ask them for workaround. I have no visibility to the Swagger UI scripts.

[justinyoo]

But, let me take a look at this issue. I might have an idea how to fix this.

[shlee7131]

Can I join this problem?

[justinyoo]

@shlee7131 Alright. I'll assign this issue to you. As I've done some base work before you jumped on this issue, you can continue your contribution on the feature/force-https branch.

In the branch, you'll see the new properties, ForceHttp and ForceHttps on the IOpenApiConfigurationOptions interface.

https://github.com/Azure/azure-functions-openapi-extension/blob/cc5e8a8c5f66810ba1042506ad95209ae7d04059/src/Microsoft.Azure.WebJobs.Extensions.OpenApi.Core/Abstractions/IOpenApiConfigurationOptions.cs#L33-L41

With this property, find the AddServer(...) method on both src/Microsoft.Azure.Functions.Worker.Extensions.OpenApi/Document.cs

https://github.com/Azure/azure-functions-openapi-extension/blob/cc5e8a8c5f66810ba1042506ad95209ae7d04059/src/Microsoft.Azure.Functions.Worker.Extensions.OpenApi/Document.cs#L76

and src/Microsoft.Azure.WebJobs.Extensions.OpenApi/Document.cs.

https://github.com/Azure/azure-functions-openapi-extension/blob/cc5e8a8c5f66810ba1042506ad95209ae7d04059/src/Microsoft.Azure.WebJobs.Extensions.OpenApi/Document.cs#L72

Then, apply both ForceHttp and ForceHttps property values to the line I specified.

• If ForceHttp == false and ForceHttps == false then no change
• If ForceHttp == true and ForceHttps == false then it SHOULD be HTTP
• If ForceHttp == false and ForceHttps == true then it SHOULD be HTTPS
• If ForceHttp == true and ForceHttps == true then it SHOULD be HTTPS

Please let me know if you have any question around this.

[mikemassa84]

@dr-dolittle I reported this same issue, and found this work around:

https://github.com/Azure/Azure-Functions/issues/1933#issuecomment-889178952

Hope it helps.

@justinyoo The azure functions team punted this issue back to you.