Spec hyperlink broken with relative spec URL

swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.

https://swagger.io

Apache License 2.0

26.36k stars 8.92k forks source link

Spec hyperlink broken with relative spec URL #4107

Open larshp opened 6 years ago

larshp commented 6 years ago

Q	A
Bug or feature request?	Bug
Which Swagger/OpenAPI version?	2.0
Which Swagger-UI version?	3.9.0
How did you install Swagger-UI?	loading via cdnjs
Which browser & version?	Chrome 63.0.3239.132
Which operating system?	Windows

Expected Behavior

Clicking the spec link will show the spec

Current Behavior

Instead it links to about:blank. Testing the operations and everything else works, the link worked in 3.0.18

The issue can also be reproduced on the petstore,

Possible Solution

The url is sanitized via https://github.com/swagger-api/swagger-ui/blob/1b5c060834305ce1545c0335ec0c3869ee2319c7/src/core/components/info.jsx#L101 which calls https://github.com/braintree/sanitize-url/blob/master/index.js but the relative url does not contain ":" so the regex fails and the link becomes "about:blank"

Context

Workaround is to just copy/paste the spec url into the browser address

shockey commented 6 years ago

No fix this week, but I've opened a sanitize-url PR (https://github.com/braintree/sanitize-url/pull/3) and added a currently-failing test for this behavior: https://github.com/shockey/swagger-ui/tree/bug/4107-relative-url-info-link

shockey commented 6 years ago

@braintree/sanitize-url@2.1.0 has been released, which solves this issue. users of swagger-ui on npm can pick up the change immediately, and consumers of our generated files (npm swagger-ui-dist, packagist, webjar, GitHub, etc) can pick this up in our Friday release.

thanks for the report, @larshp!

minigans commented 6 years ago

I git-cloned swagger-ui from https://github.com/swagger-api/swagger-ui (latest master branch) and copied the contents of the dist directory into my web-server. The Swagger UI renders great, and I can test my API using the "Try it out" feature. But the link to the spec file still points to about:blank. Has the dist folder not been updated to include this fix? Or, is the fix elsewhere and the javascript code in dist not pulling the right version? Please help. Thanks!

shockey commented 6 years ago

@minigans, it's working fine for me, can you see if http://petstore.swagger.io/?url=/v2/swagger.json works for you?

minigans commented 6 years ago

The petstore swagger.json works for me. I downloaded the latest dist files (built 3 days ago) but still can't get the spec file to show up on my Swagger UI. It redirects to about:blank. Everything else works great!

shockey commented 6 years ago

@minigans, odd...

can you tell me:

the URL you're accessing Swagger-UI at
the definition URL that you're pointing Swagger-UI to

thanks!

minigans commented 6 years ago

@shockey Thanks for looking at this.

https://host:port/api-docs/index.html?api=consent-api
index.html is slightly customized to our needs to accept an "api" query parameter. The Swagger Url field is set based on the value of this query parameter to ${api}-swagger.json, e.g. consent-api-swagger.json, which lives in the same directory as index.html

I'm able to use the direct link (e.g. https://host:port/api-docs/consent-api-swagger.json) to view the JSON definition. However, the link from index.html always points to about:blank.

I followed the instructions on this page to host swagger-ui on my server: http://idratherbewriting.com/learnapidoc/pubapis_swagger.html (section: To integrate your OpenAPI spec into Swagger UI:)

shockey commented 6 years ago

@minigans - sorry for the delay here, but we relaxed the link sanitizer about six weeks ago, so the current version shouldn't be giving you any trouble. Can you confirm?

dannyb648 commented 6 years ago

@shockey I'm currently using Swagger UI in the same way as @minigans (copying and hosting the files from the dist folder).

I'm definitely hosting 3.17.2, (I upgraded in hopes it would fix this issue) but I'm still hitting this same issue. Link still points to about:blank.

Happy to provide any more information needed.

lemartin commented 6 years ago

@dannyb648 It seems the sanitizer requires relative URLs to start with a leading ., at least this solved it for us (also running 3.17.2).

shockey commented 6 years ago

@dannyb648 & @lemartin, what do your URLs look like?

I can click through to a root-relative URL (which was the original issue in this thread) just fine, for example: https://petstore.swagger.io/?url=/v2/swagger.json

domaindrivendev commented 6 years ago

@shockey - I know the original issue was specifically created for the "root-relative" case. However, the problem still appears to be occurring for page relative URL's (e.g. "v1/swagger.json"). Can this issue be re-opened to track that case or should there be a new issue created?

shockey commented 6 years ago

@domaindrivendev, looks like you're right, RFC3986 clearly indicates that URLs like v1/swagger.json are valid.

I'll reopen this!

kishor-p commented 5 years ago

So its only issue when the JSON file is in RELATIVE path? Any workaround for this?

rschiefer commented 5 years ago

@kishor-p prefixing the relative path with "./" fixed it for me. For example, from

"/{version}/swagger.json"

"./{version}/swagger.json"