"Try it out" doesn't work with JSON bodies that don't validate against the schema #3451
Comments
|
SwaggerUI is bundled with NSwag but is a third-party project. Is the code the same upstream?do we need an update? If that's the same code upstream, you need to ask to the swaggerUI repo directly |
|
I tried with the latest SwaggerUI, and that worked fine locally for me. I did both checkout their source code directly and serve it via their script, and I also just tried the latest bundle from SwaggerUI. In both cases, it worked for me. So I think it might just be an update required for SwaggerUI, but I didn't find anything in their releases that would indicate such a bug exists. I think the latest one that's bundled in NSWag is from around February or so, so not too old. I also searched the original SwaggerUI repo, but from what I understood, the validation can't be disabled. However, I've been unable to really figure out why the validation fails for the bundled version, and why it works with the latest version... |
|
If you could clone this project and try to update the swagger UI dependency and eventually make a PR, that'd be great 👍 |
|
Sure, I will😀 Should be ready sometime this evening. |
|
@GeorgDangl Swagger UI updated... |
* mitigate cve-2021-26701 (RicoSuter#3449) Co-authored-by: Joe Koullas <[email protected]> * Update NJS * Update NR * v13.11.0 * Update to swagger-ui-3.48.0, RicoSuter#3451 * Allow UseAbortSignal for Aurelia, closes RicoSuter#3452 Co-authored-by: Joe <[email protected]> Co-authored-by: Joe Koullas <[email protected]> Co-authored-by: Rico Suter <[email protected]>
|
Sorry for taking a bit, didn't manage to pull if off yesterday😀 I'll start working on a PR right now, since I think there's still something not being updated correct. This code here shows that somehow still v3.43 is present: using var swaggerUiStream = typeof(NSwag.AspNetCore.SwaggerSettings)
.Assembly
.GetManifestResourceStream("NSwag.AspNetCore.SwaggerUi3.swagger-ui-bundle.js");
using var sr = new StreamReader(swaggerUiStream);
var content = sr.ReadToEnd();
var isV3_43 = content.Contains("\"3.43"); // True
var isV3_48 = content.Contains("\"3.48"); // FalseBut it looks like I'm on the latest NSwag version: #region Assembly NSwag.AspNetCore, Version=13.11.0.0, Culture=neutral, PublicKeyToken=c2d88086e098d109
// C:\Users\Georg\.nuget\packages\nswag.aspnetcore\13.11.0\lib\netcoreapp3.1\NSwag.AspNetCore.dll
#endregion
|
|
Ok, crazy, just cloned the repo and tried updating the SwaggerUI files, looks like they're already at v3.48 in the repository... So, I need to investigate further, either there's some caching going on that I'm unaware of, or something else. Looking forward to any input you might have😀 in the meantime, I'll try if I'm able to figure out how the *.js files in the repo are actually served to the browser. |
|
The NSwag package might not be published yet even the code has been updated, please wait 😉 |
|
Well, there was an update 4 hours ago on NuGet, v 13.11.0. |
|
Just looked at the build history, figured it all out now, it’s not yet in 13.11.0. |
|
For reference, looks like it's been this issue, which was resolved with SwaggerUI v3.48: swagger-api/swagger-ui#7206 |
|
v13.11.1 |
|
See https://github.com/RicoSuter/NSwag/commits/master |
|
Great, thank you😀 Just tried it works, works perfectly! Thank you for reacting so quickly! |
I've noticed this in one of our apps, where we use Swagger UI 3 with the generated
swagger.json. For POST actions that have a JSON body, clicking in theExecutebutton doesn't do anything.You can try it out here:
https://avacloud-api.dangl-it.com/swagger/index.html?url=/swagger/swagger.json#/AvaConversion/AvaConversion_ConvertToAva
Just enable "Try it out", then remove the body and try just sending an empty JSON object like
{}. Clicking on theExecutebutton doesn't do anything, it neither shows a validation error nor does it log anything to the console.After a bit of debugging (with the prettified
swagger-ui-bundle.js), it looks like this here is the error: https://github.com/swagger-api/swagger-ui/blob/master/src/core/utils.js#L495So, at first glance, this looks like desired behavior. However, it worked in previous versions, and it also works in the latest official SwaggerUI. Ideally, it would just let me send the requests (since some of the required properties are actually just auto-generated read only properties, and thus aren't really required for POSTing JSON), or at least show the errors somehow.
The text was updated successfully, but these errors were encountered: