geopython / pygeoapi

pygeoapi is a Python server implementation of the OGC API suite of standards. The project emerged as part of the next generation OGC API efforts in 2018 and provides the capability for organizations to deploy a RESTful OGC API endpoint using OpenAPI, GeoJSON, and HTML. pygeoapi is open source and released under an MIT license.
https://pygeoapi.io
MIT License

http://schemas.opengis.net/ is not running in HTTPS #312

Closed jkreft-usgs closed 4 years ago

jkreft-usgs commented 4 years ago

Description: HTTP URIs are making Swagger break due to mixed-content issues. The TODO is indeed something that needs to be done.

Offending Line:

# TODO: handle this better once schemas are public/final
# allow also for schema caching
OPENAPI_YAML = {
    'oapif': 'http://schemas.opengis.net/ogcapi/features/part1/1.0/openapi/ogcapi-features-1.yaml',  # noqa
    'oapip': 'https://raw.githubusercontent.com/opengeospatial/wps-rest-binding/master/core/openapi'  # noqa
}

Steps to Reproduce: Load the Swagger doc on a page that runs over https. The browser will block the call to http://schemas.opengis.net/ because of mixed content, and then the Swagger will throw errors when you click on various endpoints, including the `collections/{collection-id}/items` endpoint.

If you force your browser to accept mixed content, the error goes away.

Expected behavior: Swagger works on https, including all of the collection query parameters.

Additional context: The easiest solution would probably be for schemas.opengis.net to just get a certificate and properly set HSTS and forwarding as well.

jkreft-usgs commented 4 years ago

You can see this issue on the demo site as well: https://demo.pygeoapi.io/master/openapi?f=html#/obs/get_collections_obs_items

jkreft-usgs commented 4 years ago

A path forward while OGC gets its ducks in a row would be to make the definition of OPENAPI_YAML configurable so that I can easily point to a copy of the YAML file somewhere that does support https.

tomkralidis commented 4 years ago

Implemented in #347

pvgenuchten commented 4 years ago

Referencing duplicated schemas on an https location does indeed solve the case. Is the documentation updated to require this configuration step for https environments? Has there been any contact with OGC to discuss if they can also host those schemas on https?

tomkralidis commented 4 years ago

@pvgenuchten

pvgenuchten commented 4 years ago

Also consider that referencing a local duplicate of the schema prevents the software from running into problems if OGC updates the schema or schema-location.
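Added example, not part of the original thread and not pygeoapi's own code: a pre-deployment check that walks a generated OpenAPI document, lists every `$ref` a browser on an https page would have to fetch over plain http (the mixed-content case reported above), and rewrites those references to an https copy of the schema. The sample document, the `MIRROR` host and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# URL taken from the OPENAPI_YAML dict quoted in the issue.
OGC_HTTP = "http://schemas.opengis.net/ogcapi/features/part1/1.0/openapi/ogcapi-features-1.yaml"
# Hypothetical https copy of the same file (placeholder host).
MIRROR = "https://mirror.example.org/schemas/ogcapi-features-1.yaml"

# Constructed sample shaped like a fragment of a generated OpenAPI document.
SAMPLE_DOC = {
    "paths": {
        "/collections/{collection-id}/items": {
            "get": {
                "parameters": [
                    {"$ref": OGC_HTTP + "#/components/parameters/bbox"},
                    {"$ref": "#/components/parameters/f"},  # local ref, never fetched
                ]
            }
        }
    }
}


def find_http_refs(node, path=()):
    """Return (path, url) for each $ref that an https page would fetch over http."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "$ref" and isinstance(value, str):
                if urlsplit(value).scheme.lower() == "http":
                    hits.append((path + (key,), value))
            else:
                hits.extend(find_http_refs(value, path + (key,)))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_http_refs(item, path + (index,)))
    return hits


def rebase_refs(node, old_base, new_base):
    """Return a copy of the document with $refs under old_base moved to new_base."""
    if urlsplit(new_base).scheme.lower() != "https":
        raise ValueError("replacement base must use https")
    if isinstance(node, dict):
        return {k: new_base + v[len(old_base):]
                if k == "$ref" and isinstance(v, str) and v.startswith(old_base)
                else rebase_refs(v, old_base, new_base)
                for k, v in node.items()}
    if isinstance(node, list):
        return [rebase_refs(item, old_base, new_base) for item in node]
    return node
```

Running `find_http_refs` on the served document in CI catches a regression before Swagger UI fails in the browser; `rebase_refs` refuses a replacement base that is not https.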