I have my API documented with Swagger. For developer convenience I would like to provide the swagger GUI on my website as well. However, my provider has not installed the php yaml extension. It implies that I can't use the GUI on my own website.
So, I would like to use a third party GUI. I know that I can use https://petstore.swagger.io/ and enter the link to my yaml file in the text box. This is also not really user friendly. I prefer to open the GUI and specify the yaml when calling the url. For the user the GUI opens with my API definition.
Any thoughts?
If for some reason you cannot host Swagger UI youself, here are some alternatives you can try:
Use SwaggerHub to host your API definition and docs.
Disclosure: I work for the company that makes SwaggerHub.
Use GitLab to host your OpenAPI YAML/JSON file. GitLab uses Swagger UI to render OpenAPI files. Example:
https://gitlab.com/gofus/gofus-api/blob/dev/swagger.yaml
Use https://petstore.swagger.io with the url query parameter to automatically load your API definition:
https://petstore.swagger.io?url=https://yoursite.com/api.yaml
For this to work, the server where your OpenAPI file is hosted must use HTTPS and support CORS.
Related
Recently Google's Lighthouse tool alerted me to the fact that I wasn't providing a Content Security Policy. However, when I try to add one (or at least one without the word "unsafe" in it), I wind up with a bunch of violations, seemingly coming from Next.js and Styled-Components.
Both libraries seem to use dynamic script/style tags which violate any sane CSP. But the only way I've found to work around them is to use a "nonce". However, that seems to require having an actual server running: if you're using Next to generate static files (to host on a static host like AWS S3), you can't provide nonces.
My question is simple: am I missing anything? Is there some non-nonce-based way, or a static-host-nonce-based way, to host a site on S3 using Next.js and Styled Components?
Or is it just impossible to use those libraries together with a strict CSP (without a server-generated nonce)?
I hope you:
do not use inline styles like <tag style='display:none;'> or JS call of element.setAttribute('style', ...).
do not use built-in inline event handlers like <tag onclick='...'> and JS-navigation like <a href='javascript:void(0)'>
because all of above require 'unsafe-inline' in styles/scripts respectively since 'unsafe-hashes' token is not supported by Safary and bugly supported by Firefox.
For Single Page Applications (SPA) (without server-side rendering), using 'nonce-value' is not useful, because the SPA does not reload the page, but only partially updates its contents, but you must generate new nonce for each page loading.
For serverless apps (like static file hosting) and SPA apps you can use 'hash-value' instead of 'nonce-value' to allow inline scripts and styles.
If you use Webpack, it has some plugins, for instance, csp-html-webpack-plugin plugin will generate content for your Content Security Policy meta tag and input the correct data into your HTML template, generated by html-webpack-plugin. All inline JS and CSS will be hashed, and inserted into the policy.
I am getting the following response when requesting for Swagger doc in a Web API project,even the same response getting from Azure.
Can any one help me to get the Swagger UI.
Perhaps try to request the Swagger-UI through a different url, eg.../swagger/index.html.
I am not working with .NET here and I have no Idea about your setup, but did you (for example) copied swagger-ui resources to your webdir?
It looks like you are calling swagger interface directly and not swagger-ui (which is something different).
https://swagger.io/swagger-ui/
from Swagger-Ui Documentation:
Step 1: Go to the GitHub repository of the Swagger UI project
Step 2: Clone or download the zip file of the repository
https://github.com/swagger-api/swagger-ui
Usage
Step 1: Go to the folder containing the Swagger UI project in your local machine
Step 2: Open the dist folder
Step 3: Run the dist/index.html file on a browser or place the dist folder inside your server.
Step 4: The Swagger UI will now be live in the browser, with the default rendering of the Swagger Petstore. The JSON specification of the Swagger Petstore can be found here - http://petstore.swagger.io/v2/swagger.json
Note: Please remember that to load a specification and execute the UI’s try out requests, you would need to have enabled CORS (read below)
Step 5: You can mention the YAML or JSON path of any existing specification hosted on a server in the field on the top navigation bar.
The correct URL for the UI would be https://localhost:44390/swagger/ui/index
Check if swagger is configured to use any custom route or prefix. In this case the UI URL would be url:port/route-prefix/index.html. Route prefix empty = url:port/index.html.
We want not just to share the API console that is provided via apikit component in a Mule application, but also the raw RAML file so consumers can create their own clients based on the RAML. As far as I know, there is not user friendly way to download the published raw RAML file from within the APIKit console. I just found that one can point to the /api url and do a GET with "application/raml+yaml" content-type, but it is not user friendly enough. Any clues? Thanks
You can use the URL to your console with ?raml on the end of the url.
http://myapp.cloudhub.io/api/v1/console?raml
In at least Mule 4.3.0 (maybe earlier), you can append ?api to the console URL, e.g.
http://localhost:88/myproject/console/?api
I am new to Yii. I have a jquery file manager working with plain PHP script. Now i want to integrate it with Yii Application. The flow is like, from index it will initiate jquery function, which will search for PHP connector script. My problem is, how can i include connector script in Yii so that the Jquery can access it
If you've got the rest of the extension working, then you can create a controller within this extension's directory to handle any actions for it. Then you can use the URL rules in the configuration to send specific URLs to it.
as of now i did not create any extensions, I put the connector script under assets directory and it just worked fine. I am sure this cannot be the best practice. I would like to get help on creating custom extensions for Yii
If I have a custom .browser file, and I want to evaluate what will happen if it is given a particular User Agent, is there any way to do that through the .NET API?
I was attempting to use HttpBrowserCapabilites, but I'm not sure how to load a custom .browser file into that class.
Normally, you should not have to explicitly load the HttpBrowserCapabilities class; ASP.NET will load it for you, as long as you have your .browser file in the right place (in App_Browsers).
However, testing it will be another problem. You can't modify the "User-Agent" HTTP Header from within either the HttpApplication (global.asax) or a custom HttpModule.
This leaves only awkward techniques, such as using Reflection to force the value, or using an external tool (such as Fiddler). Alternately, if you're good with C/C++, you could take a simple example for an ISAPI filter and modify it, then install it in IIS.
Install the User Agent Switcher Firefox extension. It will let you adjust the user agent the browser sends to the web server.
http://chrispederick.com/work/user-agent-switcher/