bcgov / DBC-APIM

DataBC OPEN API Services
Apache License 2.0

A) Enhance swagger-ui for mixed content #29

Closed BK01 closed 6 years ago

BK01 commented 7 years ago

Enhance the swagger-ui code to enable handling of mixed content. This will provide DataBC with a single interface for both embedded public and secure API consoles (with authorization window).

Fix issue on DataBC implementation of Swagger UI specific to new OpenAPI Console CKAN extension. If resolved, commit back to community.

https://github.com/swagger-api/swagger-ui/issues/1670

BK01 commented 7 years ago

Workaround - DataBC action: force all api-specs to https by adjusting endpoints. First, check impact of changing anonymous geocoder endpoint from http to https. Depends on http client - TEST urllib2 vs. urllib3. Potential performance impact also needs to be assessed (SSL handshake).

BK01 commented 7 years ago

Test geocoder (anonymous) now set to https.

BK01 commented 7 years ago

Until this issue is resolved, only APIs using the DataBC Gateway can successfully display functional API consoles in BCDC. Once resolved we can restore others that wish to use BCDC's API consoles but not necessarily route through the DataBC API Gateway.

BK01 commented 7 years ago

@ll911 @banders To be addressed by a custom version of Swagger-js (Swagger UI dependency) originating from a new fork of the core Swagger-js code.

banders commented 7 years ago

By the way, the swagger-ui community has been working on a solution which would choose the scheme (http or https) using the following logic:

  1. If the browser's scheme is in the schemes listed in the swagger file, use the browser's scheme
  2. Otherwise, use the first scheme listed in the swagger file

... that seems like a reasonable fix that would satisfy us.

The community has made some progress towards a solution, but there are still bugs, and I don't think the solution has been merged into core swagger-ui yet. If we can wait a bit longer before breaking away from the core swagger-ui, then we can probably benefit from the community's fix for this.

banders commented 7 years ago

We discussed this week that we'll leave this issue for the swagger-ui community to solve for now. They seem to be making progress. If there's no progress, we may re-evaluate that approach in the future.

BK01 commented 7 years ago

@ll911 @banders Shall we re-initiate work on this item to complete prior to March 31st?

BK01 commented 7 years ago

Leave work-around in place. Secure spec needs, upload to BCDC. Public use GitHub.

ghost commented 7 years ago

Is there any update on this issue? My research tells me it existed in prior versions of Swagger UI, and it was reintroduced in the 3.x version. I just tested with 3.1.7 and received the mixed content error if both http and https are specified as schemes. It appears to always default to the first scheme rather than default to the same scheme used to load the UI.
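An added example, not part of any comment in this thread and not swagger-ui or DataBC code: it compares the first-listed-scheme behaviour reported above with the page-aware rule proposed earlier in the thread, and flags which request URLs a browser would block as mixed content. The function names, host, base path and request path are assumptions made for illustration.

```javascript
// Constructed sample spec (Swagger 2.0 fields); host and base path are placeholders.
const sampleSpec = { host: "api.example.test", basePath: "/v1", schemes: ["http", "https"] };

// "https:" (location.protocol form) -> "https"
const normalize = (p) => p.replace(/:$/, "").toLowerCase();

// Reported behaviour: always take the first scheme listed in the spec.
function firstListedScheme(spec, pageProtocol) {
  const schemes = spec.schemes || [];
  return schemes.length ? schemes[0].toLowerCase() : normalize(pageProtocol);
}

// Proposed rule: use the page's scheme if the spec lists it, else the first listed.
function pageAwareScheme(spec, pageProtocol) {
  const page = normalize(pageProtocol);
  const schemes = (spec.schemes || []).map((s) => s.toLowerCase());
  return schemes.includes(page) || schemes.length === 0 ? page : schemes[0];
}

function requestUrl(spec, scheme, path) {
  return `${scheme}://${spec.host}${spec.basePath || ""}${path}`;
}

// A page loaded over https may not issue cleartext (http/ws) requests.
function isMixedContent(pageProtocol, url) {
  const target = new URL(url).protocol;
  return normalize(pageProtocol) === "https" && (target === "http:" || target === "ws:");
}

// Run both selection rules and report the URL each would call and whether it is blocked.
function compare(spec, pageProtocol, path) {
  const result = {};
  const rules = [["firstListed", firstListedScheme], ["pageAware", pageAwareScheme]];
  for (const [name, pick] of rules) {
    const url = requestUrl(spec, pick(spec, pageProtocol), path);
    result[name] = { url, blocked: isMixedContent(pageProtocol, url) };
  }
  return result;
}

// Console served over https, spec lists http first: only the page-aware rule avoids the block.
console.log(compare(sampleSpec, "https:", "/addresses"));
// Spec lists http only: both rules are blocked, so the endpoint itself must move to https.
console.log(compare({ ...sampleSpec, schemes: ["http"] }, "https:", "/addresses"));
```

When the console page itself is loaded over http, the page-aware rule selects http even if the spec lists https first, so serving the console over https remains a prerequisite.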

BK01 commented 7 years ago

@tsieberg At this point, we are still using a workaround. We are hosting public specs in GitHub and secure in our own data catalogue with an embedded swagger-ui api console. In terms of schemes listed in the api spec, we are listing https first, followed by http.

We still have this issue in the backlog but were hoping that the community was making progress. If not, we may re-initiate work in the future.

We are now in the process of updating to swagger-ui 3.2.0 as well as OpenAPI specs 3.