
Recently I've moved from SpringFox 2 to Springdoc + OpenAPI 3. It's a bit faster and it works perfectly in my local environment.

When I try to use it in the production environment, the Swagger UI page opens fine. The problem is when I hit the API endpoint, Swagger UI shows this error message:

Error in Swagger UI

The error in the browser console is:

Mixed Content: The page at 'https://<myproductionUrl>/swagger-ui/index.html#/Ravel/getLabelFormats' was loaded over HTTPS, but requested an insecure resource 'http://<myproductionAPIUrl>/labels?language=10&includeData=false'. This request has been blocked; the content must be served over HTTPS.

I enabled CORS in my Spring Boot project:

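    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.config.annotation.CorsRegistry;
    import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

    // Enclosing class added so the snippet compiles; the class name is a placeholder.
    @Configuration
    public class WebConfig implements WebMvcConfigurer {

        // Serve the Swagger UI page and its webjar assets from the classpath.
        @Override
        public void addResourceHandlers(ResourceHandlerRegistry registry) {
            registry.addResourceHandler("swagger-ui.html")
                    .addResourceLocations("classpath:/META-INF/resources/");

            registry.addResourceHandler("/webjars/**")
                    .addResourceLocations("classpath:/META-INF/resources/webjars/");
        }

        // Allow cross-origin requests to every path from any origin.
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**").allowedOrigins("*");
        }
    }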

This is my Pom file:

    <dependency>
        <groupId>org.springdoc</groupId>
        <artifactId>springdoc-openapi-ui</artifactId>
        <version>1.6.9</version>
    </dependency>

    <!-- https://mvnrepository.com/artifact/io.swagger.core.v3/swagger-annotations -->
    <dependency>
        <groupId>io.swagger.core.v3</groupId>
        <artifactId>swagger-annotations</artifactId>
        <version>2.2.8</version>
    </dependency>

    <!-- https://mvnrepository.com/artifact/io.swagger.core.v3/swagger-models -->
    <dependency>
        <groupId>io.swagger.core.v3</groupId>
        <artifactId>swagger-models</artifactId>
        <version>2.2.8</version>
    </dependency>

    <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-handler</artifactId>
        <version>4.1.79.Final</version>
    </dependency>

My application.yml file configuration:

    springdoc:
      swagger-ui:
        enabled: true
        disable-swagger-default-url: true
      api-docs:
        path: /v3/api-docs

Java 8
Spring Boot 2.7.8

I don't know what configuration I've forgotten. Can someone orient me?

Helen
Palio
  • What's the error message on the Console tab in the browser dev tools? – Helen Mar 01 '23 at 08:09
  • Hi @Helen, I'm looking at the Console and this message shows: Mixed Content: The page at 'https:///swagger-ui/index.html#/Ravel/getLabelFormats' was loaded over HTTPS, but requested an insecure resource 'http:///labels?language=10&includeData=false'. This request has been blocked; the content must be served over HTTPS. How can I enable HTTPS, or what configuration is missing? Thanks a lot – Palio Mar 01 '23 at 14:06
  • Interesting. Is `http://` or the use of `http://` hard-coded anywhere in your code/configs? I think in your case the API base URL in Springdoc/Swagger UI configs is supposed to be set to `/` (i.e. the server root) so that Swagger UI will send API calls to exactly the same server/protocol from where it's served. – Helen Mar 01 '23 at 16:44
  • Maybe the suggestions here will help? -> https://github.com/springdoc/springdoc-openapi/issues/118 – Helen Mar 01 '23 at 16:56
  • Hi @Helen, thank you so much, it works a little now. I put in some configuration from your last response, and an addition from this [link](https://stackoverflow.com/questions/37671125/how-to-configure-spring-security-to-allow-swagger-url-to-be-accessed-without-aut). I have a question: is it possible to manually set headers for all endpoints? I mean, is it possible from code for all APIs to have, for example, a specific header ("customheader":"value")? – Palio Mar 01 '23 at 20:37

0 Answers
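
Added example, not part of the original thread: a simplified model of the browser check behind the console error, showing why an absolute `http://` server URL is blocked on an HTTPS page while the relative server URL `/` suggested in the comments is not. The function name, constants and `example.test` hosts are constructed for illustration.

```javascript
// Constructed sample locations (not taken from the question).
const PAGE_URL = "https://docs.example.test/swagger-ui/index.html";
const DOC_URL = "https://docs.example.test/v3/api-docs";

// For each entry in the OpenAPI `servers` list, work out where a browser
// client would actually send API calls and whether the request would be
// refused as mixed content.
//   openApiDoc: parsed JSON of the API description
//   docUrl:     URL the API description was fetched from
//   pageUrl:    URL of the page issuing the requests
function findMixedContentServers(openApiDoc, docUrl, pageUrl) {
  const page = new URL(pageUrl);

  // OpenAPI 3: a missing or empty `servers` list means a single server "/".
  const declared =
    Array.isArray(openApiDoc.servers) && openApiDoc.servers.length > 0
      ? openApiDoc.servers
      : [{ url: "/" }];

  return declared.map((server) => {
    // Relative server URLs are resolved against the document's own URL,
    // so "/" inherits the scheme and host the docs were served from.
    const resolved = new URL(server.url, docUrl);
    return {
      declared: server.url,
      resolved: resolved.href,
      // Simplified rule: an HTTPS page may not call a plain-HTTP endpoint.
      blocked: page.protocol === "https:" && resolved.protocol === "http:",
    };
  });
}

// Constructed documents: one with an absolute http:// server, one with "/".
const absoluteHttpDoc = { servers: [{ url: "http://api.example.test" }] };
const relativeDoc = { servers: [{ url: "/" }] };

for (const doc of [absoluteHttpDoc, relativeDoc]) {
  for (const r of findMixedContentServers(doc, DOC_URL, PAGE_URL)) {
    console.log(`${r.declared} -> ${r.resolved} blocked=${r.blocked}`);
  }
}
```

Running the same check against the JSON served at `/v3/api-docs` in production shows which declared server URL produces the blocked request.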