search

swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
https://swagger.io
Apache License 2.0
26.34k stars 8.92k forks source link

Swagger ui are changing path variables for html codes. #4461

Closed iagoquirino closed 6 years ago

iagoquirino commented 6 years ago

Swagger ui are changing path variables for html codes.

Using the swagger ui example of http://petstore.swagger.io/v2/swagger.json, when i POST on /pet/{petId} some value for example "23/" swagger ui change slash character to html code in this case swagger ui changes path value to "23%2", for endpoints whose needs explicit slash character, they will be never called with that behavior. (yeah i know the slash is wrong character for this endpoint its a example).

Bug or feature request? I think this is a bug. Which Swagger-UI version? v3.0.5 How did you install Swagger-UI? docker container Which browser & version? Version 65.0.3325.181 (Official Build) (64-bit) Which operating system? MAC OS

Links of behavior issue:

https://drive.google.com/file/d/11nIYY9popxTaSO-ZNMzhUlQUso6njNo4/view

https://drive.google.com/file/d/11lOpn71b7m9qFFK4YFa42RK4mtm4gBUk/view

Expected Behavior

When using endpoint with parameter type path must maintain characters like "/".

Current Behavior

Endpoints with parameter type path are changing characters like "/" to html code "%2".

Possible Solution

Maintain character inputed by user.

Context

I cannot use swagger ui with "dynamic" endpoint.

shockey commented 6 years ago

Hi @iaguera!

I'm inclined to say that this is intended behavior - path parameters are generally meant to serve as a placeholder for one segment of a URL. I imagine allowing literal / in path parameter template values would make router matching logic much more complex for server-side tooling.

Swagger/OpenAPI 2.0 doesn't explicitly mention anything about percent-encoding (which is confusing), but OpenAPI 3.0 specifically indicates that all parameters present in a URL should be percent-encoded unless allowReserved: true is set.

@webron, @hkosova - any thoughts on this?

iagoquirino commented 6 years ago

Hi @shockey,

Thanks for the answer, on swagger ui container, i think It is not possible, send this parameter right?

Can we change this issue intead of a fix to a feature or something like that?

hkosova commented 6 years ago

@iaguera OpenAPI does not support unencoded / in path parameters. Here's the corresponding feature request - https://github.com/OAI/OpenAPI-Specification/issues/892.

OpenAPI 3.0 defines the serialization rules for path parameters more explicitly - they can be serialized using style: simple (default), style: matrix or style: label, as defined by RFC 6570. These styles are defined as follows:

perform variable expansion, as defined in Section 3.2.1, with the allowed characters being those in the unreserved set.

/ is a reserved character, so it ends up percent-encoded.

webron commented 6 years ago

As @hkosova and @shockey said, this is the intended behavior. Path parameters, at the moment, cannot contain additional path segments. This is an intentional limitation in the spec.

lock[bot] commented 5 years ago

Locking due to inactivity.

This is done to avoid resurrecting old issues and bumping long threads with new, possibly unrelated content.

If you think you're experiencing something similar to what you've found here: please open a new issue, follow the template, and reference this issue in your report.

Thanks!