Missing CORS Headers / functionality

[Vanongart]

Hey,

I'm pretty sure you're missing the CORS Attributes:

• access-control-allow-methods
• access-control-allow-headers

When enabling CORS via AccessControlAllowOrigin("*"):

GlobalConfiguration.Configuration
                .EnableSwagger(c =>
                {
                  c.SingleApiVersion("1.0.0", "ApiDoc")
                  .Description("Api Documentation Project");

                  c.AccessControlAllowOrigin("*");
                })
                .EnableSwaggerUi(c =>
                {
                  c.DocumentTitle("ApiDoc");
                });

I'm still getting CORS Errors when trying to display an api definition from another server. In Addition to allow the origin - for CORS to work you also need to allow some methods (GET at least I guess)

BR, Martin

[heldersepu]

I have it running here: http://swagger-net-test.azurewebsites.net/swagger/ui/index#/

And it works fine: https://petstore.swagger.io/?url=https://swagger-net-test.azurewebsites.net/swagger/docs/V1 no cors issues for me

[heldersepu]

Here is where I set it: https://github.com/heldersepu/Swagger-Net/blob/d70d1dd54205e80962e2c5d17192c592c7dc81d7/Swagger.Net/Application/SwaggerDocsHandler.cs#L38-L41 If you think something is missing send a PR

[Vanongart]

Yeah - sorry - jumped to conclusions too fast. (Too many new systems involved)

The preflight check failed due to an authentication issue. Browser shows this as CORS issue - and the response header looks "normal" - except the missing cors attributes.

Thanks for checkign & getting back so quick.

[splendid25]

Hello, has something changed since? I'm running an API behind a reverse proxy, and SwaggerUI can't access it. I tried AccessControlAllowOrigin("*") but it's still blocked (though I can see the new Header).

The same happens on the link you posted : https://petstore.swagger.io/?url=https://swagger-net-test.azurewebsites.net/swagger/docs/V1

Failed to load API definition. Errors

Fetch error Failed to fetch https://swagger-net-test.azurewebsites.net/swagger/docs/V1 Fetch error Possible cross-origin (CORS) issue? The URL origin (https://swagger-net-test.azurewebsites.net) does not match the page (https://petstore.swagger.io). Check the server returns the correct 'Access-Control-Allow-*' headers.

[heldersepu]

Hello, has something changed since? I'm running an API behind a reverse proxy, and SwaggerUI can't access it. I tried AccessControlAllowOrigin("*") but it's still blocked (though I can see the new Header).

The same happens on the link you posted : https://petstore.swagger.io/?url=https://swagger-net-test.azurewebsites.net/swagger/docs/V1

Failed to load API definition. Errors Fetch error Failed to fetch https://swagger-net-test.azurewebsites.net/swagger/docs/V1 Fetch error Possible cross-origin (CORS) issue? The URL origin (https://swagger-net-test.azurewebsites.net) does not match the page (https://petstore.swagger.io). Check the server returns the correct 'Access-Control-Allow-*' headers.

yes a lot has changed... last comment was on 2020 most of the change are in the UI

I no longer have an azure account so this: https://swagger-net-test.azurewebsites.net/swagger/docs/V1 no longer exists

But my guess your issue is the reverse proxy not CORS