Allow HTTPS Scheme on YASG
Closed this issue · 3 comments
What is needed?
Being able to select HTTPS on Swagger UI
Background
I've followed the README.md in Github, setup the docker environment via docker-compose and read through the ENV configs and there isn't anything about setting the HTTPS protocol when serving the swagger page. There's no way to set HTTPS on the swagger screen. This is critical when serving the page via a secure connection.
It seems that drf_yasg has a param that will allow for this DEFAULT_API_URL
https://drf-yasg.readthedocs.io/en/stable/drf_yasg.html?highlight=scheme#drf_yasg.generators.OpenAPISchemaGenerator
This seems as simple as having HTTPS added to the protocol dropdown. I've tested by editing the HTML within the browser and executing - it returned 200 OK
Hi @amaurer . Our production services run on https with no configuration changes, you can check on https://safe-relay.gnosis.io/. You need to configure https on the nginx container. Hardcoding DEFAULT_API_URL is not a good solution for us (we were doing that some time ago before we realized that a header was missing https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto)
Hey @Uxio0 ,
Thanks for sharing the experience with DEFAULT_API_URL and that makes perfect sense. I don't think forcing a user to procure a self-signed cert and alter the configs is the best solution. Due to a lot of topologies allow for ssl traffic to be terminated before the host. In my case, I am doing so at the EC2 load-balancer which is exclusive and forwards directly to the host. In front of that are CDN technologies which are actually adding x-forwarded-proto header.
Hopefully you'll accept my fix in Nginx config that allows an existing header for x-forwarded-proto to be used instead of the Nginx published protocol.