Hi all, I just noticed on a HTTPS site that the Base URL at /api/v1/.html was listed as HTTP rather than HTTPS.
Looking at Mojolicious::Plugin::OpenAPI, it seems that it's hard-coded to HTTP *if* a scheme isn't specified in the spec: https://github.com/jhthorsen/mojolicious-plugin-openapi/blob/master/lib/Mojo licious/Plugin/OpenAPI/SpecRenderer.pm#L406 Looking at https://swagger.io/docs/specification/2-0/api-host-and-base-path/, we could be setting "schemes" there. I'm not 100% sure what we should do here. Maybe nothing. But it just seem unfortunate to be showing a HTTP link on a HTTPS page especially for an API... David Cook Software Engineer Prosentient Systems Suite 7.03 6a Glen St Milsons Point NSW 2061 Australia Office: 02 9212 0899 Online: 02 8005 0595 _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : https://www.koha-community.org/ git : https://git.koha-community.org/ bugs : https://bugs.koha-community.org/
