index.html loads the petstore swagger document instead of R4R

blairlearn commented 3 years ago

Issue description

Accessing /r4r/v1/index.html leads to an error message as the page attempts to load the sample swagger document from http://petstore.swagger.io instead of the one for R4R. The error occurs because in addition to being the wrong swagger document, it's also being loaded over HTTP onto an HTTPS page.

ESTIMATE TBD

Steps to reproduce the issue

Navigate to https://webapis.cancer.gov/r4r/v1/index.html

What's the expected result?

An interactive form documenting the API's available functionality.

What's the actual result?

Error failing to fetch http://petstore.swagger.io/v2/swagger.json

Additional details / screenshot

Accessing https://webapis.cancer.gov/r4r/v1/ (leaving off the "index.html") works as expected.

Related Tickets

Issue #9999
Issue #9999

blairlearn commented 3 years ago

This is flagged as a medium security vulnerability.

blairlearn commented 1 year ago

Fixed in 55f873390118c34edfedcc16182472709c3b1ea1

NCIOCPL / r4r-api