Closed frkline closed 7 years ago
I have the same problem.
So far, I disabled the validator (my swagger.json is generated by swagger anyway), but it would be better if validator was compatible with https.
+1 for this issue, had to disable the validator too.
+1
+1
+1
+1
+1
+1
+1
https support added to the validator
@fehguy Can you cross-reference to the commit that fixes this? Is that change deployed to https://online.swagger.io/validator yet?
Yes, unfortunately it's entirely an infrastructure change and not a code change. It has been deployed and is available:
https://online.swagger.io/validator/?url=http://petstore.swagger.io/v2/swagger.json
It's still not working for me with my local development url: https://online.swagger.io/validator?url=https://docs.local:8086/swagger.json. I'm getting a redirect to HTTP.
$ curl -v 'https://online.swagger.io/validator?url=https://docs.local:8086/swagger.json' -H 'Pragma: no-cache' -H 'DNT: 1' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: no-cache' -H 'Cookie: _ga=GA1.2.440710346.1436287024' -H 'Connection: keep-alive' --compressed
* Trying 54.69.214.189...
* Connected to online.swagger.io (54.69.214.189) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: *.swagger.io
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> GET /validator?url=https://docs.local:8086/swagger.json HTTP/1.1
> Host: online.swagger.io
> Pragma: no-cache
> DNT: 1
> Accept-Encoding: gzip, deflate, sdch
> Accept-Language: en-US,en;q=0.8
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Cache-Control: no-cache
> Cookie: _ga=GA1.2.440710346.1436287024
> Connection: keep-alive
>
< HTTP/1.1 302 Found
< Location: http://online.swagger.io/validator/?url=https://docs.local:8086/swagger.json
< Connection: close
< Server: Jetty(9.2.7.v20150116)
<
* Closing connection 0
Is the redirect to the error logo a special case that needs to be addressed separately?
(Edited to include the response I'm seeing.)
It appears that a trailing /
in my initial URL fixes the http -> https redirect.
https://online.swagger.io/validator/?url=https://docs.local:8086/swagger.json
(The trailing /
is not present by default.)
OK great. also, the validator in get
mode expects that your swagger definition is available publically. If that's not the case (like localhost
), you can use a POST method instead:
curl -i -X POST -H "accept:application/json" -d @sample.json 'https://online.swagger.io/validator/debug'
Where @sample.json
is simply a swagger spec, in either JSON or YAML format.
POST mode - That's a great tip!
Would it be possible to change the redirect behavior so that it is ok to omit the trailing /
? Alternatively, should we change the default validationUrl
in the JS implementation?
Yes, it's quite easy. I will reopen the issue to track the change.
Thanks for the quick help, @fehguy!
This should be fixed now ¯\_(ツ)_/¯
Chrome reports a mixed content error as the validator redirects to an insecure resource: