Comments (20)
bajtos
commented on September 28, 2024
That's expected, the server running at online.swagger.io cannot access the application running on your local machine.
You can run swagger-badge locally to check your local application, see the instructions in project's README.
from loopback-component-explorer.
bajtos
commented on September 28, 2024
@hacksparrow where is the validator badge coming from? I can't see it in [email protected] installed from npmjs.
from loopback-component-explorer.
JinpaLhawang
commented on September 28, 2024
We've witnessed this in our app since updating from loopback-explorer 1.1.0 to 2.0.0. We don't have a swagger.json file in our project. This error displays in the lower right corner and when clicked it opens http://online.swagger.io/validator/debug?url=http://0.0.0.0:3000/explorer/swagger.json with the response:
[
{
level: "error",
message: "Can't read from file http://0.0.0.0:3000/explorer/swagger.json"
}
]
I guess swagger.json was not required before and now is?
from loopback-component-explorer.
bajtos
commented on September 28, 2024
@JinpaLhawang do you perhaps provide custom copy of swagger-ui to the loopback-explorer module?
Could you please create a sample project reproducing the problem which I can use to troubleshoot this on my machine? See wiki instructions.
from loopback-component-explorer.
bajtos
commented on September 28, 2024
Never mind, I am able to reproduce this locally too. It's important to use 0.0.0.0 as the hostname. It seems that swagger-ui detects localhost and does not show the badge in such case, but it fails to recognise 0.0.0.0 as a local address too.
from loopback-component-explorer.
bajtos
commented on September 28, 2024
Here is the code detecting validatorUrl: https://github.com/swagger-api/swagger-ui/blob/8e72906c911a02853b87f5241d157e83e2bf7377/src/main/javascript/view/MainView.js#L57-L71
Is there any volunteer to fix the issue and submit a pull request to swagger-ui project?
from loopback-component-explorer.
raymondfeng
commented on September 28, 2024
Please note 0.0.0.0 is not a valid localhost ip on Windows.
from loopback-component-explorer.
hacksparrow
commented on September 28, 2024
Also, a simple check for 0.0.0.0 would not suffice. It should detect any IP address within all the possible private IP blocks - 192.168.0.0-192.168.255.255, 172.16.0.0-172.31.255.255, and 10.0.0.0-10.255.255.255.
from loopback-component-explorer.
bajtos
commented on September 28, 2024
I don't think it's possible to implement a fully bullet-proof check - consider the case when your API is served from an internal host http://intranet/explorer, which is mapped by your on-premise DNS to a private IP address.
Perhaps we could modify loopback-explorer to always pass swaggerOptions.validatorUrl: null and thus always disable the badge?
Optionally we could add loopback-explorer setting to configure the validatorUrl. We are already calling GET /exporer/config.json to fetch some metadata from the server, I think it should be reasonably easy to pass through this new option. See public/lib/loadSwaggerUI.js and index.js
/cc @STRML
from loopback-component-explorer.
STRML
commented on September 28, 2024
Well, if the explorer loads, swagger.json must be reachable from the client. So why don't we just read this error and ignore it by removing the badge?
from loopback-component-explorer.
bajtos
commented on September 28, 2024
@STRML I think this is a different problem - it's about the site online.swagger.io not able to access swagger.json served by the LoopBack app running on your local machine.
from loopback-component-explorer.
hacksparrow
commented on September 28, 2024
I don't think it's possible to implement a fully bullet-proof check - consider the case when your API is served from an internal host http://intranet/explorer, which is mapped by your on-premise DNS to a private IP address.
@bajtos you've got a point there.
Perhaps we could modify loopback-explorer to always pass swaggerOptions.validatorUrl: null and thus always disable the badge?
I think the badge should be enabled only via an explicit config option, not by default.
from loopback-component-explorer.
STRML
commented on September 28, 2024
@bajtos What I mean is, we can't get this validation to work if the swagger.json isn't reachable from the online validation service. So we want to hide the badge if it errors. So let's just specialcase this error.
from loopback-component-explorer.
bajtos
commented on September 28, 2024
@STRML What I mean is, we can't get this validation to work if the swagger.json isn't reachable from the online validation service. So we want to hide the badge if it errors. So let's just specialcase this error.
AFAICT, the badge is implemented as an image fetched from the validation services, so it's not possible to tell why the validation failed:
<a href="http://online.swagger.io/validator/debug?url=http://0.0.0.0:3000/explorer/swagger.json">
<img id="validator" src="http://online.swagger.io/validator?url=http://0.0.0.0:3000/explorer/swagger.json">
</a>However, the debug endpoint returns a nice JSON which we could use to check whether swagger.json is reachable.
// http://online.swagger.io/validator/debug?url=http://0.0.0.0:3000/explorer/swagger.json
[{"level":"error","message":"Can't read from file http://0.0.0.0:3000/explorer/swagger.json"}]There is still a catch though: when running in a corporate environment behind a strict firewall, access to online.swagger.io may be silently rejected via a timeout. In which case it will take us quite some time to finish this check.
Thoughts?
from loopback-component-explorer.
STRML
commented on September 28, 2024
That seems fine. I think the right thing to do is to place the image ourselves by storing the variants locally and displaying it based on a hit to their API, rather than having them handle the image display.
Otherwise, the mechanism you describe will basically double-hit their API (once for the check, once for the image). But I would hope they're caching results.
from loopback-component-explorer.
hacksparrow
commented on September 28, 2024
@bajtos how about we do this?
Perhaps we could modify loopback-explorer to always pass swaggerOptions.validatorUrl: null and thus always disable the badge?
from loopback-component-explorer.
bajtos
commented on September 28, 2024
@bajtos how about we do this?
Perhaps we could modify loopback-explorer to always pass swaggerOptions.validatorUrl: null and thus always disable the badge?
Sounds good to me.
We can always implement a more elaborate solution (e.g. as proposed by @STRML in #120 (comment)) later, when there is a volunteer with enough free time.
from loopback-component-explorer.
bajtos
commented on September 28, 2024
Is there any volunteer willing to contribute the fix outlined in #120 (comment)?
Modify loopback-explorer to always pass swaggerOptions.validatorUrl: null and thus always disable the badge?
from loopback-component-explorer.
hacksparrow
commented on September 28, 2024
@bajtos I'll take it up.
from loopback-component-explorer.
bajtos
commented on September 28, 2024
The fix is available in [email protected]
from loopback-component-explorer.
Related Issues (20)
- With destroyAll exposed, API Explorer does not send where filter (LB 2.x) HOT 2
- Parameters with x-www-form-urlencoded are not included in the curl commandline and are not sent HOT 5
- [email protected] JSONEditor is not defined
- Use a custom swagger spec instead of the default HOT 1
- Upgrade loopback-swagger to latest version please HOT 1
- can't get "through" to show HOT 2
- Properties added in bootscripts or later don't show up in explorer HOT 2
- unresponsive script
- Migrate to Swagger-UI 3.x HOT 4
- `Cannot read property '$ref' of undefined` when using `Base` HOT 4
- API version not being picked up from package.json HOT 2
- File Downloading Bug HOT 2
- Cannot override index.html title using apiInfo HOT 3
- example for loopback 4 usage HOT 3
- loopback.basicAuth is not a function? HOT 2
- lodash security risk for version 2.7.0 HOT 2
- Display error when a model is called 'Array' HOT 2
- Fix the vulnerability caused by swagger-ui HOT 5
- swagger-ui vulnerabilities HOT 19
- Loopback4 version problem!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from loopback-component-explorer.