Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to serve swagger over https? What are the correct settings? #227

Closed
siulkilulki opened this issue Jan 14, 2017 · 10 comments
Closed

How to serve swagger over https? What are the correct settings? #227

siulkilulki opened this issue Jan 14, 2017 · 10 comments
Labels
documentation duplicate

Comments

@siulkilulki
Copy link

I have working swagger when accessing it over HTTP, but when I try to access it over HTTPS I get following error:
swagger-ui.min.js:10 Mixed Content: The page at 'https://www.little-hero.tk/api/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.little-hero.tk/api/swagger.json'. This request has been blocked; the content must be served over HTTPS.

Full printscreen: http://i.imgur.com/jms8bdh.png

What should I do? There is no information in docs. I'm using cloudflare to get https if it helps.
@ziirish
Copy link
Collaborator

ziirish commented Jan 19, 2017

Your issue looks similar to #132
Maybe you can have a look at this issue and try out the proposed fix.

@cwalkatron
Copy link

cwalkatron commented Jan 20, 2017
edited
Loading

I fixed this like this:

from werkzeug.contrib.fixers import ProxyFix
application.wsgi_app = ProxyFix(application.wsgi_app)

@heaje
Copy link

heaje commented Jan 30, 2017

@cwalkatron: I just added the way I fixed this same issue to #132

@jnguyenx
Copy link

@cwalkatron can you please show more code how you fixed it? I tried to use the ProxyFix without any success.

...
from werkzeug.contrib.fixers import ProxyFix

app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app)
...

Even with that I still get the cross-origin issue.

@jnguyenx
Copy link

I was missing one line in my nginx.conf proxy_set_header X-Forwarded-Proto $scheme;. Otherwise I used this nginx config, but didn't include the ProxyFix.

@lybroman lybroman mentioned this issue Mar 22, 2019
Closed
@lybroman
Copy link

lybroman commented Mar 22, 2019
edited
Loading

With the update of werkzeug to 0.15. The above fix may need some parameters update to work as before. We are using the ELB of AWS, so need to update the x_ parameters accordingly.

@davidism
Copy link

davidism commented Mar 22, 2019
edited
Loading

Absolutely do not make a broad recommendation to set every value to 1. Each value should be set based on the specific hosting setup for each application. This is relevant to security, and is described in the documentation for ProxyFix. The default of x_for=1, and possibly x_host=1, is what's needed in most cases, but again you need to verify that the proxy is actually setting those headers.

@ziirish
Copy link
Collaborator

ziirish commented Mar 26, 2019

Hi,

The discussions will take place in #223 since your issue is quite similar.

@ziirish
Copy link
Collaborator

ziirish commented Mar 27, 2019

I'm now closing this issue.
Please follow discussions in #223

@ziirish ziirish closed this as completed Mar 27, 2019
@c24b
Copy link

c24b commented Dec 9, 2019

Related to #132 where I found the correct Fix for Flask-Restplus with Nginx and gunicorn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@cwalkatron @ziirish @c24b @davidism @heaje @jnguyenx @lybroman @siulkilulki