Swagger UI attempts to load petstore on xhr.readyState.HEADERS_RECEIVED
Closed this issue · 1 comments
masch712 commented
My server is hosting HTTPS with swagger-tools, and when I navigate to my swagger-ui path (the default https://localhost:[port]/docs), my browser (Chrome) warns me: "Insecure content blocked". This is because the page is attempting a XHR to http://petstore.swagger.io/v2/swagger.json.
swagger-tools/middleware/swagger-ui/index.html
Lines 95 to 105 in 361c1f6
It seems that the
xhr.onreadystatechange
callback is called twice: once for HEADERS_RECEIVED
, then again for DONE
. On the first call, the code proceeds to call initSwaggerUi(url)
with the petstore URL because the xhr.readyState
is not yet DONE
. The petstore JSON is hosted via HTTP, and since Chrome is showing a page over HTTPS, it warns the user of a fishy smell.Besides the warning, the rest of the page behavior is top notch.
Is this petstore call intentional? I didn't see any documentation around it.
whitlockjc commented
This should be done in swagger-ui and not in swagger-tools
.