Open larshp opened 6 years ago
No fix this week, but I've opened a sanitize-url
PR (https://github.com/braintree/sanitize-url/pull/3) and added a currently-failing test for this behavior: https://github.com/shockey/swagger-ui/tree/bug/4107-relative-url-info-link
@braintree/sanitize-url@2.1.0
has been released, which solves this issue. users of swagger-ui
on npm can pick up the change immediately, and consumers of our generated files (npm swagger-ui-dist
, packagist, webjar, GitHub, etc) can pick this up in our Friday release.
thanks for the report, @larshp!
I git-cloned swagger-ui from https://github.com/swagger-api/swagger-ui (latest master branch) and copied the contents of the dist directory into my web-server. The Swagger UI renders great, and I can test my API using the "Try it out" feature. But the link to the spec file still points to about:blank. Has the dist folder not been updated to include this fix? Or, is the fix elsewhere and the javascript code in dist not pulling the right version? Please help. Thanks!
@minigans, it's working fine for me, can you see if http://petstore.swagger.io/?url=/v2/swagger.json works for you?
The petstore swagger.json works for me. I downloaded the latest dist files (built 3 days ago) but still can't get the spec file to show up on my Swagger UI. It redirects to about:blank. Everything else works great!
@minigans, odd...
can you tell me:
thanks!
@shockey Thanks for looking at this.
index.html is slightly customized to our needs to accept an "api" query parameter. The Swagger Url field is set based on the value of this query parameter to ${api}-swagger.json, e.g. consent-api-swagger.json, which lives in the same directory as index.html
I'm able to use the direct link (e.g. https://host:port/api-docs/consent-api-swagger.json) to view the JSON definition. However, the link from index.html always points to about:blank.
I followed the instructions on this page to host swagger-ui on my server: http://idratherbewriting.com/learnapidoc/pubapis_swagger.html (section: To integrate your OpenAPI spec into Swagger UI:)
@minigans - sorry for the delay here, but we relaxed the link sanitizer about six weeks ago, so the current version shouldn't be giving you any trouble. Can you confirm?
@shockey I'm currently using Swagger UI in the same way as @minigans (copying and hosting the files from the dist folder).
I'm definitely hosting 3.17.2, (I upgraded in hopes it would fix this issue) but I'm still hitting this same issue. Link still points to about:blank.
Happy to provide any more information needed.
@dannyb648 It seems the sanitizer requires relative URLs to start with a leading .
, at least this solved it for us (also running 3.17.2).
@dannyb648 & @lemartin, what do your URLs look like?
I can click through to a root-relative URL (which was the original issue in this thread) just fine, for example: https://petstore.swagger.io/?url=/v2/swagger.json
@shockey - I know the original issue was specifically created for the "root-relative" case. However, the problem still appears to be occurring for page relative URL's (e.g. "v1/swagger.json"). Can this issue be re-opened to track that case or should there be a new issue created?
@domaindrivendev, looks like you're right, RFC3986 clearly indicates that URLs like v1/swagger.json
are valid.
I'll reopen this!
So its only issue when the JSON file is in RELATIVE path? Any workaround for this?
@kishor-p prefixing the relative path with "./" fixed it for me. For example, from
"/{version}/swagger.json"
to
"./{version}/swagger.json"
Expected Behavior
Clicking the spec link will show the spec
Current Behavior
Instead it links to about:blank. Testing the operations and everything else works, the link worked in 3.0.18
The issue can also be reproduced on the petstore,
Possible Solution
The url is sanitized via https://github.com/swagger-api/swagger-ui/blob/1b5c060834305ce1545c0335ec0c3869ee2319c7/src/core/components/info.jsx#L101 which calls https://github.com/braintree/sanitize-url/blob/master/index.js but the relative url does not contain ":" so the regex fails and the link becomes "about:blank"
Context
Workaround is to just copy/paste the spec url into the browser address