The OPTION call is being sent by the browser, not Swagger-UI. We can’t control whether it does or doesn’t, it’s a security feature implemented by the browser.
If there’s an issue with FF, it may be a bug with the browser itself. From: <swagger-swaggersocket@googlegroups.com> on behalf of O haya <jim...@gmail.com> Reply-To: "swagger-swaggersocket@googlegroups.com" <swagger-swaggersocket@googlegroups.com> Date: Friday, April 20, 2018 at 23:41 To: Swagger <swagger-swaggersocket@googlegroups.com> Subject: Re: SSL to endpoint - "TypeError: Failed to fetch" Hi, I think that I've found out why what I am seeing (the OPTION request failing when Firefox is used). It appears that is because with CORS and the OPTION request, it does not send the client cert. So if I have the server port configured for "Required", the OPTION request fails. I have seen some suggestion that the port be set to OPTIONAL, which lets the OPTION request through, but then the user ends up being UNAUTHORIZED, since their browser didn't present a client cert. So it seems like Swagger won't work when going to a 2-way SSL endpoint when Firefox is used. So far, Chrome DOES work, and I am trying to see if it is possible to get IE working. Jim On Friday, April 20, 2018 at 11:00:48 AM UTC-4, O haya wrote: Hi, BTW, I wanted to mention that from Googling, my understanding is that OPTIONS request is related to CORS, but, FYI, the server-side, in this case, is configured for CORS and if everything was working I would see a lot of logging for the CORS interchanges on my server, but, in this case now, when I test with Firefox and Swagger, I am seeing NOTHING on the server logs, i.e., no indication that even a connection was made (also remember that I am not even getting the cert popup on the Firefox), so I am guessing that when Firefox/Swagger is sending the OPTIONS request, there is something wrong with that, e.g., like Firefox is not sending the client cert, or something. On Friday, April 20, 2018 at 10:14:30 AM UTC-4, O haya wrote: Hi, I was able to get Chrome working so far. I had to start Chrome with " --user-data-dir="C:/Chrome dev session" --disable-web-security" parameters in order to get Chrome to work. However, I cannot get the same Swagger request to work with either Firefox or Internet Explorer. With Firefox, I am checking with WebDeveloper, and it looks like the request is failing because Swagger is sending an "OPTIONS cert" request, which is failing with SSL_ERROR_BAD_CERT. If I run a REST client plugin in the same Firefox and submit a request using that instead of via Swagger, it works, and I noticed that the REST client plugin is ONLY sending a POST request (which works), so why is Swagger sending the OPTIONS cert request, and is there a way to make Swagger NOT send the OPTIONS cert but just send a POST instead? Thanks, Jim On Wednesday, April 18, 2018 at 5:19:50 PM UTC-4, O haya wrote: Hi, We are using Swagger/Swagger-UI to test some of our APIs, but some of our APIs require that they are accessed using SSL. Right now, to start, I am just trying to test with a small sample API ,"/testnocors/cert/" but when I click Execute on the Swagger page, I am getting "TypeError: Failed to fetch", and actually on our server side logging, I don't see anything, which I think means that the connection is not even getting past the SSL handshake. If I test HTTP/non-SSL to the same machine (but a different, non-SSL port), Swagger works fine, i.e., if I click Execute, I get a response on the Swagger page and also on the server side I see logging indicating that a request was processed. If I execute the curl command that Swagger displays, the curl command works correctly (both with the non-SSL and SSL). Does anyone know why this might not be working? Does Swagger page simply not work with an SSL endpoint? Thanks, Jim -- You received this message because you are subscribed to the Google Groups "Swagger" group. To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Swagger" group. To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggersocket+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
