SSL to endpoint - "TypeError: Failed to fetch"

[O haya]

Hi,

We are using Swagger/Swagger-UI to test some of our APIs, but some of our APIs require that they are accessed using SSL.

Right now, to start, I am just trying to test with a small sample API ,"/testnocors/cert/" but when I click Execute on the Swagger page, I am getting "TypeError: Failed to fetch", and actually on our server side logging, I don't see anything, which I think means that the connection is not even getting past the SSL handshake.  

If I test HTTP/non-SSL to the same machine (but a different, non-SSL port), Swagger works fine, i.e., if I click Execute, I get a response on the Swagger page and also on the server side I see logging indicating that a request was processed.

If I execute the curl command that Swagger displays, the curl command works correctly (both with the non-SSL and SSL).  

Does anyone know why this might not be working?  Does Swagger page simply not work with an SSL endpoint?

Thanks,

Jim

[O haya]

Hi,

I was able to get Chrome working so far.  I had to start Chrome with " --user-data-dir="C:/Chrome dev session" --disable-web-security" parameters in order to get Chrome to work.

However, I cannot get the same Swagger request to work with either Firefox or Internet Explorer.

With Firefox, I am checking with WebDeveloper, and it looks like the request is failing because Swagger is sending an "OPTIONS cert" request, which is failing with SSL_ERROR_BAD_CERT.

If I run a REST client plugin in the same Firefox and submit a request using that instead of via Swagger, it works, and I noticed that the REST client plugin is ONLY sending a POST request (which works), so why is Swagger sending the OPTIONS cert request, and is there a way to make Swagger NOT send the OPTIONS  cert but just send a POST instead?

Thanks,

Jim

[O haya]

Hi,

BTW, I wanted to mention that from Googling, my understanding is that OPTIONS request is related to CORS, but, FYI, the server-side, in this case, is configured for CORS and if everything was working I would see a lot of logging for the CORS interchanges on my server, but, in this case now, when I test with Firefox and Swagger, I am seeing NOTHING on the server logs, i.e., no indication that even a connection was made (also remember that I am not even getting the cert popup on the Firefox), so I am guessing that when Firefox/Swagger is sending the OPTIONS request, there is something wrong with that, e.g., like Firefox is not sending the client cert, or something.

[O haya]

Hi,

I think that I've found out why what I am seeing (the OPTION request failing when Firefox is used).  It appears that is because with CORS and the OPTION request, it does not send the client cert.  

So if I have the server port configured for "Required", the OPTION request fails.

I have seen some suggestion that the port be set to OPTIONAL, which lets the OPTION request through, but then the user ends up being UNAUTHORIZED, since their browser didn't present a client cert.

So it seems like Swagger won't work when going to a 2-way SSL endpoint when Firefox is used.  

So far, Chrome DOES work, and I am trying to see if it is possible to get IE working.

Jim

[Ron Ratovsky]

The OPTION call is being sent by the browser, not Swagger-UI. We can’t control whether it does or doesn’t, it’s a security feature implemented by the browser.

If there’s an issue with FF, it may be a bug with the browser itself.

--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.