Springfox swagger-ui.html 无法推断基本 URL - 由缺少 cookie 引起 [英] Springfox swagger-ui.html unable to infer base URL - Caused by missing cookies

问题描述

我们的 Spring Boot 服务位于 API 网关后面.使用 Springfox 的早期版本 - 2.1.2，我们在加载 swagger-ui.html 页面时没有问题.这适用于 Spring Boot 1.4.3.RELEASE.从那时起，我们已经升级到 Boot 1.5.7，并将 Springfox 升级到 2.8.0.

We have our Spring Boot services behind an API Gateway. With an earlier version of Springfox - 2.1.2 we had no issues in loading the swagger-ui.html page. This worked with Spring Boot 1.4.3.RELEASE. From then, we have upgraded to Boot 1.5.7 and upgraded Springfox to 2.8.0.

现在，如果我们加载页面，我们会看到一个带有以下长消息的警告框.

Now if we load the page we get an alert box with the following long message.

无法推断基本网址.这在使用动态 servlet 时很常见注册或当 API 位于 API 网关后面时.基本网址是提供所有 swagger 资源的根.例如如果该 API 可在 http://example.org/api/v2/api-docs 然后基本网址是 http://example.org/api/.请输入位置手动

Unable to infer base url. This is common when using dynamic servlet registration or when the API is behind an API Gateway. The base url is the root of where all the swagger resources are served. For e.g. if the api is available at http://example.org/api/v2/api-docs then the base url is http://example.org/api/. Please enter the location manually

我在网上搜索了一些提示，但这些情况似乎不适用于我们.一方面，如果我只是简单地恢复版本，它就会通过同一个 API 网关重新开始工作.

I got some hints searching online, but it does not seem those situations apply to us. For one, if I simply revert back the versions, it starts working again through the same API Gateway.

跟踪流量，.html 页面对三个 XHR 资源的调用似乎引起了问题.这些从我们的 API 网关返回 401.他们返回 401 的原因是因为 cookie 没有传递.

Tracking the traffic, it seems calls to three XHR resources made by the .html page is causing issues. These are returning 401 from our API gateway. And the reason they return 401 is because the cookies are not passed along.

三个调用分别是:

• https://base_address/base_context/swagger-resources/configuration/ui
• https://base_address/base_context/swagger-resources/configuration/security
• https://base_address/base_context/swagger-resources

如果我将这些 URL 作为纯浏览器请求加载 - 它们可以工作 - 因为发送了 cookie.

If I load these URLs as pure browser requests - they work - because cookies are sent.

我怀疑 CORS 是否适用，因为 HTML 是从与 swagger JSON 和实际服务调用相同的地址提供的.

I doubt if CORS applies since the HTML is being served from the same address as the swagger JSON and actual service calls.

知道为什么会发生这种情况吗?有人遇到过类似的问题吗?解决方法的建议?非常感谢.

Any idea why this may be happening? Anybody faced similar issues? Suggestions for workaround? Thanks much in advance.

推荐答案

在安全配置中添加 -- 以下为认证跳过的 URL::

Add in the security config -- following URLS that are skipped for authentication ::

private static final String[] AUTH_WHITELIST = {
        "/swagger-resources/**",
        "/swagger-ui.html",
        "/v2/api-docs",
        "/webjars/**"
};

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers(AUTH_WHITELIST);
}

这篇关于Springfox swagger-ui.html 无法推断基本 URL - 由缺少 cookie 引起的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！