Testing Swagger-Editor against remote server
1,500 views
Skip to first unread message
Mike Barlow
Sep 22, 2015, 11:32:09 AM9/22/15
to Swagger
I'm just starting out with Swagger and have an existing (remote) server serving up a series of REST-ful api service calls, that I'm trying to document using the Swagger-Editor, with a look at migrating our existing code base to a Swagger API based environment.
So in order to try and figure out how things work, I took one of our existing service calls and defined it in Swagger-Editor. But when I went to test the example I get the standard "This is a cross-origin call..." (which our service "should" accept) message and when I send the request I get an "ERROR" that simply states (in the Rendered tab):
Headers
Body
Any ideas as to where I should start investigating? The service DOES respond normally when I simply type the URL into a browser.
Thanks.
Ron Ratovsky
Sep 22, 2015, 11:51:44 AM9/22/15
to Swagger
Hi Mike,
As you stated, this is most likely a CORS issue. We have some information regarding how to test it and configure it.
https://github.com/swagger-api/swagger-editor/blob/master/docs/cors.md
https://github.com/swagger-api/swagger-ui#cors-support
If you’re unsure about it, please provide the result of curl -I <url of API> and we can take it from there.
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
-----------------------------------------
http://swagger.iohttps://twitter.com/SwaggerApi
-----------------------------------------
Mike Barlow
Sep 22, 2015, 12:02:01 PM9/22/15
to Swagger
Thanks Ron, while I peruse the docs, here's the CURL output...
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.28
Set-Cookie: PHPSESSID=0ko11g32723viiupd70ln8u5v0; path=/
X-Powered-By: ASP.NET
Date: Tue, 22 Sep 2015 15:56:34 GMT
On Tuesday, September 22, 2015 at 11:51:44 AM UTC-4, Ron wrote:
Hi Mike,
As you stated, this is most likely a CORS issue. We have some information regarding how to test it and configure it.
https://github.com/swagger-api/swagger-editor/blob/master/docs/cors.md
https://github.com/swagger-api/swagger-ui#cors-supportIf you’re unsure about it, please provide the result of
curl -I <url of API>and we can take it from there.
On Tue, Sep 22, 2015 at 6:32 PM, Mike Barlow <bar...@gmail.com> wrote:
I'm just starting out with Swagger and have an existing (remote) server serving up a series of REST-ful api service calls, that I'm trying to document using the Swagger-Editor, with a look at migrating our existing code base to a Swagger API based environment.So in order to try and figure out how things work, I took one of our existing service calls and defined it in Swagger-Editor. But when I went to test the example I get the standard "This is a cross-origin call..." (which our service "should" accept) message and when I send the request I get an "ERROR" that simply states (in the Rendered tab):Headers
Body
Any ideas as to where I should start investigating? The service DOES respond normally when I simply type the URL into a browser.Thanks.
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Ron Ratovsky
Sep 22, 2015, 12:03:50 PM9/22/15
to Swagger
Yeah, you're missing the all 3 CORS headers. I believe the docs should cover it.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
Mike Barlow
Sep 22, 2015, 12:12:39 PM9/22/15
to Swagger
Thanks
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
Mike Barlow
Sep 22, 2015, 12:34:57 PM9/22/15
to Swagger
Ok, so after going through the "Enable CORS on your Server" section of the docs I added several header statements in the original (PHP) code and now when I hit the service via a browser I get this (Response Headers Changes highlighted):
Response Headers:
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, AcceptAccess-Control-Allow-Origin:*
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length:76Content-Type:application/json; charset=utf-8Date:Tue, 22 Sep 2015 16:21:06 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Pragma:no-cacheServer:Microsoft-IIS/7.0X-Powered-By:ASP.NETX-Powered-By:PHP/5.3.28
Request Headers:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Encoding:gzip, deflate, sdchAccept-Language:en-US,en;q=0.8Cache-Control:no-cacheConnection:keep-aliveCookie:PHPSESSID=95gtbjsh5jk6hm35k0dk6vs0f1; BX=2s9h0fpauuf4q&b=3&s=qtPragma:no-cacheUpgrade-Insecure-Requests:1User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
but my CURL -I still gets the same as before:
HTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheContent-Length: 0Content-Type: text/htmlExpires: Thu, 19 Nov 1981 08:52:00 GMTServer: Microsoft-IIS/7.0X-Powered-By: PHP/5.3.28
Set-Cookie: PHPSESSID=ni07i5bj9aqb4kipvgelp1qmd1; path=/X-Powered-By: ASP.NETDate: Tue, 22 Sep 2015 16:24:58 GMT
So what am I missing?
Ron Ratovsky
Sep 22, 2015, 12:42:10 PM9/22/15
to Swagger
You’re still missing the Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS header (or any methods you want to support)
I’m not sure why the curl response is different though, though it looks like you’re hitting a different content type in the browser and curl requests.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
Mike Barlow
Sep 22, 2015, 12:59:24 PM9/22/15
to Swagger
Well here's the code I put in:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, DELETE, PUT, PATCH, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, api_key, Authorization');
header('Content-Type: application/json');
So the "methods" should show up but after trying to use CURL to simply hit the service URI (as I would from a browser) I see that CURL looks to be prompted for authentication to get into the site.
I tried the standards of:
CURL -u <Username>:<Password> <URI>
and even
CURL http://<Username>:<Password>@<URI>
But in both cases I still get the prompt for the username/password. So I'm guessing that my Swagger test is getting the same response (but not sure why it's not reporting that to me and is simply reporting a generic "Error" with an undefined headers and no body...
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
Ron Ratovsky
Sep 22, 2015, 1:04:29 PM9/22/15
to Swagger
Do you get prompted for the user/pass when using -I too?
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
Mike Barlow
Sep 22, 2015, 1:18:44 PM9/22/15
to Swagger
Nope, I just get the headers you saw...
BUT, I DID find an answer that's working, that might be useful for others using IIS as their server:
CORS on IIS7
For Microsoft IIS7, merge this into the web.config file at the root of your application or site:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>And, since I'm also using the Swagger-UI to display the JSON API file which I put up on the server, I had to tell IIS to display JSON files which I found out with this article:
Sometimes we need to create JSON in a text file with extension .json, however by default IIS 7 or any of the IIS are not configure to handle .json extension. So below is a very simple method to do that. You can apply the method on the root of IIS so .json can be handled by every site or virtual folder in the IIS or just to the specific site.
- Open IIS Manager
- Display properties for the IIS Server
- Click MIME Types and then add the JSON extension:
- File name extension: .json
- MIME type: application/json
- Go back to the properties for IIS Server
- Click on Handler Mappings
- Add a script map
- Request path: *.json
- Executable: C:\WINDOWS\system32\inetsrv\asp.dll
- Name: JSON
So, long story short my Swagger-Editor can now test my api on the server and my Swagger-ui can display the API via the resulting JSON file!
Thanks for your help on pointing me in the right direction!
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
Mike Barlow
Sep 22, 2015, 1:25:19 PM9/22/15
to Swagger
Hmmm I spoke too soon. Swagger-UI IS correctly rendering the output of my API.JSON file but Swagger-Editor test of the service is "prompting" for the credentials.
What would be the best way to pass the credentials to the service?
Ron Ratovsky
Sep 22, 2015, 1:29:37 PM9/22/15
to Swagger
Have you defined the security scheme(s) as part of your Swagger definition?
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
Mike Barlow
Sep 22, 2015, 1:38:54 PM9/22/15
to Swagger
No I haven't but from looking at the docs it looks like it only supports oauth authentication (unless I missed something)...
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsub...@googlegroups.com.
Ron Ratovsky
Sep 22, 2015, 1:39:53 PM9/22/15
to Swagger
Swagger supports basic authentication, api key (which is basically any key/value combination in either a header or a query parameter) and oauth2.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
-------------------------------------------http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages