Hi, I think that I've found out why what I am seeing (the OPTION request failing when Firefox is used). It appears that is because with CORS and the OPTION request, it does not send the client cert.
So if I have the server port configured for "Required", the OPTION request fails. I have seen some suggestion that the port be set to OPTIONAL, which lets the OPTION request through, but then the user ends up being UNAUTHORIZED, since their browser didn't present a client cert. So it seems like Swagger won't work when going to a 2-way SSL endpoint when Firefox is used. So far, Chrome DOES work, and I am trying to see if it is possible to get IE working. Jim On Friday, April 20, 2018 at 11:00:48 AM UTC-4, O haya wrote: > > Hi, > > BTW, I wanted to mention that from Googling, my understanding is that > OPTIONS request is related to CORS, but, FYI, the server-side, in this > case, is configured for CORS and if everything was working I would see a > lot of logging for the CORS interchanges on my server, but, in this case > now, when I test with Firefox and Swagger, I am seeing NOTHING on the > server logs, i.e., no indication that even a connection was made (also > remember that I am not even getting the cert popup on the Firefox), so I am > guessing that when Firefox/Swagger is sending the OPTIONS request, there is > something wrong with that, e.g., like Firefox is not sending the client > cert, or something. > > > On Friday, April 20, 2018 at 10:14:30 AM UTC-4, O haya wrote: >> >> Hi, >> >> I was able to get Chrome working so far. I had to start Chrome with >> " --user-data-dir="C:/Chrome dev session" --disable-web-security" >> parameters in order to get Chrome to work. >> >> However, I cannot get the same Swagger request to work with either >> Firefox or Internet Explorer. >> >> With Firefox, I am checking with WebDeveloper, and it looks like the >> request is failing because Swagger is sending an "OPTIONS cert" request, >> which is failing with SSL_ERROR_BAD_CERT. >> >> If I run a REST client plugin in the same Firefox and submit a request >> using that instead of via Swagger, it works, and I noticed that the REST >> client plugin is ONLY sending a POST request (which works), so why is >> Swagger sending the OPTIONS cert request, and is there a way to make >> Swagger NOT send the OPTIONS cert but just send a POST instead? >> >> Thanks, >> Jim >> >> >> >> On Wednesday, April 18, 2018 at 5:19:50 PM UTC-4, O haya wrote: >>> >>> Hi, >>> >>> We are using Swagger/Swagger-UI to test some of our APIs, but some of >>> our APIs require that they are accessed using SSL. >>> >>> Right now, to start, I am just trying to test with a small sample API >>> ,"/testnocors/cert/" but when I click Execute on the Swagger page, I am >>> getting "TypeError: Failed to fetch", and actually on our server side >>> logging, I don't see anything, which I think means that the connection is >>> not even getting past the SSL handshake. >>> >>> If I test HTTP/non-SSL to the same machine (but a different, non-SSL >>> port), Swagger works fine, i.e., if I click Execute, I get a response on >>> the Swagger page and also on the server side I see logging indicating that >>> a request was processed. >>> >>> If I execute the curl command that Swagger displays, the curl command >>> works correctly (both with the non-SSL and SSL). >>> >>> Does anyone know why this might not be working? Does Swagger page >>> simply not work with an SSL endpoint? >>> >>> Thanks, >>> Jim >>> >> -- You received this message because you are subscribed to the Google Groups "Swagger" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
