
Use relative swagger.json URL for SwaggerUI

Open drewdogg opened this issue 9 years ago • 8 comments

I run my flask-restplus app in the default werkzeug HTTP webserver behind a reverse HTTPS proxy. The absolute URL of the swagger.json is problematic for the SwaggerUI AJAX call in this scenario. All of the other resources in the HTML use relative URLs anyways.

drewdogg avatar Jan 28 '16 02:01 drewdogg

Why is that? Can you clarify your initial issue? Have you set SERVER_URL in your configuration and added ProxyFix? I'm using this setup in production and it's working very well. See http://flask.pocoo.org/docs/0.10/deploying/wsgi-standalone/#deploying-proxy-setups (this is Flask related, not specific to flask-restplus)

I'm not sure that using the path is compatible with subdomain blueprints.

noirbizarre avatar Jan 28 '16 11:01 noirbizarre

The issue is the conflict with http and https in the full URL. flask-restplus generates the URL with http:// but my reverse proxy load balancer only accepts https://, so the swagger.json will never load via AJAX call. I do not have ProxyFix. I do not have control over the headers that can be set by the load balancer.

I'm not sure what you mean by subdomain blueprints, but isn't the hostname of swagger.json and the SwaggerUI elements always the same? Alternatively, we could have the URL with the hostname but without the scheme (i.e. "//server.com/swagger.json") and it will load properly. Why should flask-restplus care what the hostname is?

drewdogg avatar Jan 28 '16 18:01 drewdogg

No, you can have different URLs for documentation and API, so an absolute URL is necessary. A blueprint can be registered with a URL prefix and/or a given subdomain (see #103).

Your reverse proxy (Nginx or HAProxy or whatever) sends an X-Forwarded-Proto header, which is standard and handled by ProxyFix (it's not a new dependency but a Werkzeug middleware, see the previous link). This is how Flask is meant to run (and which is explained in the link). See also #54 because someone already asked for this.

Just so you know, I have the same setup in production (a frontal load balancer performing the SSL offload itself and talking with my app in HTTP) and it's been working fine with ProxyFix for almost 2 years.

noirbizarre avatar Jan 30 '16 15:01 noirbizarre
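
Added example (not part of the thread, and not flask-restplus or Werkzeug code): a standard-library sketch of the mechanism discussed above, in which the app builds the swagger.json URL from `wsgi.url_scheme` and a middleware corrects that scheme from `X-Forwarded-Proto`. `ForwardedProtoFix`, `trusted_hops`, `spec_url_app`, `simulate` and the host `api.example.test` are assumptions made for illustration; the middleware is a simplified stand-in for what ProxyFix does, and it honours only the entries appended by the configured number of proxies because anything earlier in the header is client-supplied.

```python
from wsgiref.util import application_uri, setup_testing_defaults


def swagger_json_url(environ):
    """Absolute spec URL as the WSGI app sees the request (scheme + host)."""
    return application_uri(environ).rstrip("/") + "/swagger.json"


class ForwardedProtoFix:
    """Set wsgi.url_scheme from X-Forwarded-Proto written by trusted proxies."""

    def __init__(self, app, trusted_hops=1):
        self.app = app
        self.trusted_hops = trusted_hops  # number of proxies we operate

    def __call__(self, environ, start_response):
        raw = environ.get("HTTP_X_FORWARDED_PROTO", "")
        values = [v.strip().lower() for v in raw.split(",") if v.strip()]
        # Each proxy appends its own value, so only the last `trusted_hops`
        # entries come from our infrastructure; earlier ones may be spoofed.
        if self.trusted_hops and len(values) >= self.trusted_hops:
            proto = values[-self.trusted_hops]
            if proto in ("http", "https"):  # ignore anything unexpected
                environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def spec_url_app(environ, start_response):
    """Tiny WSGI app that returns the URL Swagger UI would be told to fetch."""
    body = swagger_json_url(environ).encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def simulate(app, forwarded_proto=None):
    """Constructed request: plain HTTP from the proxy to the app."""
    environ = {}
    setup_testing_defaults(environ)  # wsgi.url_scheme defaults to "http"
    environ["HTTP_HOST"] = "api.example.test"
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return b"".join(app(environ, lambda status, headers: None)).decode()


if __name__ == "__main__":
    print(simulate(spec_url_app, "https"))                     # header ignored
    print(simulate(ForwardedProtoFix(spec_url_app), "https"))  # header honoured
```

With `trusted_hops=0` the header is ignored entirely, which is the right setting when the app is reachable without passing through the proxy.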

Ah OK. Would dropping the scheme be a compromise? It's generally a best practice in web sites to not require http/https scheme in AJAX URLs in HTML, so that it picks up the parent page's scheme.

drewdogg avatar Feb 01 '16 07:02 drewdogg

@noirbizarre could we get nginx and other sample configuration files uploaded with the examples, as this is a common scenario?

harishkashyap avatar Feb 03 '16 14:02 harishkashyap

Hi @noirbizarre, how can I change the swagger.json URL, since I don't want to serve swagger.json on hostname/swagger.json? Instead I want to host it at a different URL such as hostname/_svc/api/swagger.json

kuldeeprishi avatar Dec 21 '17 11:12 kuldeeprishi

Can it be merged? I am having an issue running Flask on HTTPS.

plutov avatar Jan 23 '19 19:01 plutov

Exact same problem here, this is a huge blocker for me because HTTPS won't work at all behind my reverse proxy.

ajmeese7 avatar Oct 13 '22 13:10 ajmeese7