Adding headers to Swagger
135 views
Skip to first unread message
Bert Verhees
Jul 29, 2015, 4:24:20 AM7/29/15
to Swagger
Hi,
I hope someone can advise me.
I have read this:
Especially following sentence is interesting: "Swagger lets you easily send headers as parameters to requests. The name of these headers MUST be supported in your CORS configuration as well."
My swagger-web has a CORS-related problem, I think.
I am running it in Tomcat 7, and I get the dreaded: "Can't read from server. It may not have the appropriate access-control-origin settings."
It is, so I see in the Chrome debugger, the swagger-ui which cannot be loaded.
Now I have found some tips, for example, add a Corsfilter to the web.xml.
I checked that, it was present
Another tip is that the Corsfilter only works for servlets, not for static content, and I have to run static content (swagger) under a servlet. According this tip this would do the trick
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
And what I see is that when I have an Origin header send with the request, the CORS headers appear, but onli when I add the Origin header.
> curl -I http://192.168.178.253:8080/ers-swagger/ -H 'Origin: http://localhost/test'
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: http://localhost/test
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Accept-Ranges: bytes
ETag: W/"6460-1438093183000"
Last-Modified: Tue, 28 Jul 2015 14:19:43 GMT
Content-Type: text/html
Content-Length: 6460
Date: Wed, 29 Jul 2015 07:46:10 GMT
When I don't use the origin header, no CORS headers are included.
SO I thought, maybe I can have Swagger to add headers so that I can use my project in Tomcat, or shouldn't I use Tomcat to run swagger?
tony tam
Jul 29, 2015, 10:47:33 AM7/29/15
to Swagger, bert.v...@rosa.nl, bert.v...@rosa.nl
You can add headers in Swagger, but you can't trick the HTTP request inside the browser. It's simply forbidden in essentially all browsers to lie about the origin, or people could do very bad things with your browser session.
You cannot set origin programmatically unfortunately. You'll have to sort out the cors issue on your static content in your server or load balancer.
Bert Verhees
Jul 29, 2015, 12:42:12 PM7/29/15
to Swagger, feh...@gmail.com
Hi Tony, thanks for your answer. The purpose was not to fake the origin. Sorry that my question was to read in this way.
I noticed that when the Origin header was added to the request, Tomcat suddenly responded with other headers, which possibly make the CORS filter work.
My problem is that I cannot get the CORS sorted out on static content (which swagger is) in Tomcat.
I will try it in Apache and see if it is a problem there.
Best regards
Bert
Op woensdag 29 juli 2015 16:47:33 UTC+2 schreef tony tam:
Op woensdag 29 juli 2015 16:47:33 UTC+2 schreef tony tam:
Ron Ratovsky
Jul 29, 2015, 8:47:54 PM7/29/15
to Swagger, tony tam
Bert,
Perhaps I'm misreading the question but our samples, https://github.com/swagger-api/swagger-samples, include a simple CORS filter that you can just copy and add to your application.--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
-----------------------------------------
http://swagger.iohttps://twitter.com/SwaggerApi
-----------------------------------------
Bert Verhees
Jul 30, 2015, 1:49:57 AM7/30/15
to Swagger, feh...@gmail.com, r...@swagger.io
Thanks Ron, but in servlets (the project you point to are java projects), there is no problem. The problem is with static files.
Bert
Op donderdag 30 juli 2015 02:47:54 UTC+2 schreef Ron:
Op donderdag 30 juli 2015 02:47:54 UTC+2 schreef Ron:
Bert Verhees
Jul 30, 2015, 4:14:49 AM7/30/15
to Swagger, feh...@gmail.com, r...@swagger.io, bert.v...@rosa.nl
By the way, IO brought the project to Apache, because it is only html and javascript and it should work, and it open the page, but again the same error.
Maybe this information helps:
Uncaught Can't read from server. It may not have the appropriate access-control-origin settings.
3.SwaggerClient.fail @ resolver.js:506
3.SwaggerClient.build.obj.on.error @ resolver.js:196
(anonymous function) @ spec-converter.js:339
163.Request.callback @ index.js:24
(anonymous function) @ index.js:24
164.Emitter.emit @ index.js:24
163.Request.end.xhr.onreadystatechange @ index.js:24
I think this has to do with it:
XHR finished loading: GET "http://192.168.178.253/ers-swagger/swagger.json".
163.Request.end @ index.js:24
5.SuperagentHttpClient.execute @ spec-converter.js:292
5.SwaggerHttp.execute @ spec-converter.js:160
3.SwaggerClient.build @ resolver.js:241
3.SwaggerClient.initialize @ resolver.js:171
3.module.exports @ resolver.js:129
window.SwaggerUi.Backbone.Router.extend.load @ index.js:24
(anonymous function) @ (index):51
p.Callbacks.k @ jquery-1.8.0.min.js:2
p.Callbacks.l.fireWith @ jquery-1.8.0.min.js:2
p.extend.ready @ jquery-1.8.0.min.js:2
D @ jquery-1.8.0.min.js:2
(index):80 Unable to Load SwaggerUI
Ron Ratovsky
Jul 30, 2015, 10:07:35 AM7/30/15
to Swagger, tony tam, bert.v...@rosa.nl
Wait, which static files are you trying to serve? Are you serving a static Swagger definition?
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Bert Verhees
Jul 30, 2015, 10:39:19 AM7/30/15
to Swagger, feh...@gmail.com, r...@swagger.io
Hi Ron, you should be able to see it in the error messages. It cannot load SwaggerUI, and I am not sure if the errormessage is right. I don't know why this happens. I have it on another machine, and there it runs without problem. I now tried it under Apache with the same result.
What do you need to know to help me with this?
There are no problems on server side, perhaps maybe only the needed headers. That was my initial question.
How doy you solve this with the petstore example?
Op donderdag 30 juli 2015 16:07:35 UTC+2 schreef Ron:
Op donderdag 30 juli 2015 16:07:35 UTC+2 schreef Ron:
Ron Ratovsky
Jul 30, 2015, 10:43:14 AM7/30/15
to Bert Verhees, Swagger, tony tam
That's exactly what I'm asking. I don't understand what you're trying to do. Why do you need to enable CORS on static data? What's static data are you trying to access?
Bert Verhees
Jul 30, 2015, 10:52:08 AM7/30/15
to Swagger, feh...@gmail.com, r...@swagger.io
I don't understand either, I get this error message about appropriate access control origin settings, which is a cors related error message.
I am just using the swagger.json, the index html, and the bunch of javascripts, that is all.
Op donderdag 30 juli 2015 16:43:14 UTC+2 schreef Ron:
Op donderdag 30 juli 2015 16:43:14 UTC+2 schreef Ron:
Ron Ratovsky
Jul 30, 2015, 10:57:40 AM7/30/15
to Bert Verhees, Swagger, tony tam
Bert,
Are you hosting a static swagger.json file or is it generated automatically from your code using swagger-core?
Bert Verhees
Jul 30, 2015, 11:41:32 AM7/30/15
to Swagger
It is a static swagger.json
Ron Ratovsky
Jul 30, 2015, 11:45:44 AM7/30/15
to Swagger
I see. Well, I've never investigated how to enable CORS on static content. http://enable-cors.org/server_tomcat.html may help, but if not, I'm sure there are other resources out there that can help.
On Thu, Jul 30, 2015 at 11:41 AM, Bert Verhees <bert.v...@rosa.nl> wrote:
It is a static swagger.json
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Bert Verhees
Jul 30, 2015, 3:53:59 PM7/30/15
to Swagger, r...@swagger.io
I found that too. Thanks anyway.
Op donderdag 30 juli 2015 17:45:44 UTC+2 schreef Ron:
Op donderdag 30 juli 2015 17:45:44 UTC+2 schreef Ron:
Bert Verhees
Aug 4, 2015, 3:25:42 AM8/4/15
to Swagger, r...@swagger.io
It will be very helpful if error messages say what the error is.
I got this error-message: "Can't read from server. It may not have the appropriate access-control-origin settings.", two days I looked, experimenting with CORS-settings, etc.
But the error was that I had a comma on two swagger.json lines which should not be there. A left over from editing the JSON file without a proper JSON editor, and this shit can happen.
Maybe the swagger framework could check the swagger-file for syntax, before trying to load it.
Ron Ratovsky
Aug 4, 2015, 10:54:55 AM8/4/15
to Bert Verhees, Swagger
It would help if you open an issue on swagger-ui to present better errors.
Message has been deleted
Bert Verhees
Aug 4, 2015, 11:49:12 AM8/4/15
to Swagger, bert.v...@rosa.nl
I just did, thanks for the hint
Ron Ratovsky
Aug 4, 2015, 11:51:37 AM8/4/15
to Swagger, Bert Verhees
Thanks for taking the time to open the issue.
On Tue, Aug 4, 2015 at 11:49 AM, Bert Verhees <bert.v...@rosa.nl> wrote:
I just did, thanks for the hint
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages