My server is hosting HTTPS with swagger-tools, and when I navigate to my swagger-ui path (the default https://localhost:[port]/docs), my browser (Chrome) warns me: "Insecure content blocked". This is because the page is attempting a XHR to http://petstore.swagger.io/v2/swagger.json. https://github.com/apigee-127/swagger-tools/blob/361c1f6f08aed64c8da1784cef5ea61a83bac787/middleware/swagger-ui/index.html#L95-L105
It seems that the xhr.onreadystatechange callback is called twice: once for HEADERS_RECEIVED, then again for DONE. On the first call, the code proceeds to call initSwaggerUi(url) with the petstore URL because the xhr.readyState is not yet DONE. The petstore JSON is hosted via HTTP, and since Chrome is showing a page over HTTPS, it warns the user of a fishy smell.
Besides the warning, the rest of the page behavior is top notch.
Is this petstore call intentional? I didn't see any documentation around it.
My server is hosting HTTPS with swagger-tools, and when I navigate to my swagger-ui path (the default https://localhost:[port]/docs), my browser (Chrome) warns me: "Insecure content blocked". This is because the page is attempting a XHR to http://petstore.swagger.io/v2/swagger.json.
https://github.com/apigee-127/swagger-tools/blob/361c1f6f08aed64c8da1784cef5ea61a83bac787/middleware/swagger-ui/index.html#L95-L105 It seems that the
xhr.onreadystatechange
callback is called twice: once forHEADERS_RECEIVED
, then again forDONE
. On the first call, the code proceeds to callinitSwaggerUi(url)
with the petstore URL because thexhr.readyState
is not yetDONE
. The petstore JSON is hosted via HTTP, and since Chrome is showing a page over HTTPS, it warns the user of a fishy smell.Besides the warning, the rest of the page behavior is top notch. Is this petstore call intentional? I didn't see any documentation around it.