Closed jkreft-usgs closed 4 years ago
You can see this issue on the demo site as well: https://demo.pygeoapi.io/master/openapi?f=html#/obs/get_collections_obs_items
A path forward while OGC gets its ducks in a row would be to make the definition of OPENAPI_YAML
configurable so that I can easily point to a copy of the YAML file somewhere that does support https
.
Implemented in #347
Referencing duplicated schemas on a https location does indeed solve the case. Is the documentation updated to require this configuration step for https environments? Has there been any contact with OGC to discuss if they can also host those schema's on https?
@pvgenuchten
also consider that referencing a local duplicate of the schema prevents the software running into problems if OGC updates the schema or schema-location
Description http uris are making swagger break due to mixed-content issues. The TODO is indeed something that needs to be done
Offending Line:
Steps to Reproduce load the swagger doc on a page that runs over https. The browser will block the call to
http://schemas.opengis.net/
because of mixed content, and then the swagger will throw errors when you click on various endpoints, including the `collections/{collection-id}/items endpointIf you force your browser to accept mixed content, the error goes away.
Expected behavior Swagger works on https, including all of the collection query parameters
Screenshots/Tracebacks
Environment
Additional context The easiest solution would probably be for schemas.opengis.net to just get a certificate and properly set HSTS and forwarding as well.