apigee-127 / swagger-tools

A Node.js and browser module that provides tooling around Swagger.
MIT License

Swagger UI attempts to load petstore on xhr.readyState.HEADERS_RECEIVED #579

masch712 closed this issue 5 years ago

masch712 commented 6 years ago

My server is hosting HTTPS with swagger-tools, and when I navigate to my swagger-ui path (the default https://localhost:[port]/docs), my browser (Chrome) warns me: "Insecure content blocked". This is because the page is attempting an XHR to http://petstore.swagger.io/v2/swagger.json.

https://github.com/apigee-127/swagger-tools/blob/361c1f6f08aed64c8da1784cef5ea61a83bac787/middleware/swagger-ui/index.html#L95-L105

It seems that the xhr.onreadystatechange callback is called twice: once for HEADERS_RECEIVED, then again for DONE. On the first call, the code proceeds to call initSwaggerUi(url) with the petstore URL because the xhr.readyState is not yet DONE. The petstore JSON is hosted via HTTP, and since Chrome is showing a page over HTTPS, it warns the user of a fishy smell.
Besides the warning, the rest of the page behavior is top notch. Is this petstore call intentional? I didn't see any documentation around it.
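
An added example, not part of the thread and not swagger-tools' own code: a constructed model of the handler behaviour described in the report above, next to a version that returns early until readyState is DONE. The fake XHR object, LOCAL_SPEC_URL and the function names other than initSwaggerUi are assumptions; the linked index.html is not reproduced here.

```javascript
// Constructed model of the reported behaviour; not the project's index.html.
const PETSTORE_URL = 'http://petstore.swagger.io/v2/swagger.json'; // default URL named in the report
const LOCAL_SPEC_URL = 'https://localhost:8443/api-docs';          // hypothetical local spec URL
const HEADERS_RECEIVED = 2, DONE = 4;                              // XMLHttpRequest readyState values

// Minimal stand-in for XMLHttpRequest: fires onreadystatechange once per state.
function makeFakeXhr() {
  return {
    readyState: 0,
    status: 0,
    onreadystatechange: null,
    deliver(states, status) {
      for (const state of states) {
        this.readyState = state;
        this.status = status;
        this.onreadystatechange();
      }
    },
  };
}

// As reported: a call that arrives before DONE falls through to the default URL.
function buggyHandler(xhr, initSwaggerUi) {
  return function () {
    let url = PETSTORE_URL;
    if (xhr.readyState === DONE && xhr.status === 200) url = LOCAL_SPEC_URL;
    initSwaggerUi(url);
  };
}

// Guarded: ignore intermediate states and initialise once, when the request completes.
// Keeping the default as the failure fallback is an assumption of this sketch.
function guardedHandler(xhr, initSwaggerUi) {
  return function () {
    if (xhr.readyState !== DONE) return;
    initSwaggerUi(xhr.status === 200 ? LOCAL_SPEC_URL : PETSTORE_URL);
  };
}

// Replay the HEADERS_RECEIVED -> DONE sequence from the report and
// return every URL the UI was initialised with.
function urlsLoaded(makeHandler) {
  const calls = [];
  const xhr = makeFakeXhr();
  xhr.onreadystatechange = makeHandler(xhr, (url) => calls.push(url));
  xhr.deliver([HEADERS_RECEIVED, DONE], 200);
  return calls;
}

// URLs that an HTTPS page would flag as mixed content.
const mixedContent = (urls) => urls.filter((u) => u.startsWith('http://'));
```

With the constructed sequence, the unguarded handler initialises the UI twice (first with the HTTP petstore URL), while the guarded one initialises it once with the local HTTPS spec.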

whitlockjc commented 5 years ago

This should be done in swagger-ui and not in swagger-tools.