swagger-editor: Server generator: Request has been blocked; the content must be served over HTTPS.

Q A
Bug or feature request? Bug
Which Swagger/OpenAPI version? hosted version at editor.swagger.io
Which Swagger-Editor version? hosted version at editor.swagger.io
How did you install Swagger-Editor? hosted version at editor.swagger.io
Which broswer & version? Chrome Version 60.0.3112.90 (Official Build) (64-bit)
Which operating system? MacOS Sierra

Demonstration API definition

N/A (any compiling definition)

Configuration (browser query string, constructor, config.yaml)

N/A

Expected Behavior

Should build code and download for server.

Current Behavior

Clicking the language you want the server built in generates an error in the console:

Server generator: Request has been blocked; the content must be served over HTTPS.

Possible Solution

Workaround is to select the security icon in the right of the address bar and allow the script to run manually.

Context

Trying to generate a quick simple go server api.

About this issue

  • Original URL
  • State: open
  • Created 7 years ago
  • Reactions: 7
  • Comments: 18 (4 by maintainers)

Most upvoted comments

Workaround is to select the security icon in the right of the address bar and allow the insecure resource. it is work for me

+3
owen-rpx on Sep 3, 2020

Aha - this is Swagger-Codegen’s fault!

Mixed Content: The page at ‘https://localhost:3201/’ was loaded over HTTPS, but requested an insecure resource ‘http://generator.swagger.io/api/gen/download/9072771b-127c-4d76-9046-a9e7216f69fc’. This request has been blocked; the content must be served over HTTPS.

The generator is sending the user agent to an http download URL, even if the initial request was over HTTPS. Clearly, browsers don’t allow accessing HTTP content from an HTTPS page, so the download fails.

+2
shockey on Dec 29, 2017

Bug is still there on https://editor.swagger.io/

+2
hemanth7787 on Nov 13, 2017

I found that re-ordering the schemes helped me over-come the issue. I am serving the swagger over https (with invalid certificate if that is of any consequence), the schemes were set-up as follows:

c.Schemes(new[] { "http", "https" });

I changed this to:

c.Schemes(new[] { "https", "http" });

After the change, the mixed-content error went-away.

+1
a-j-butler on Jun 6, 2018

I can reproduce this when accessing the Editor over HTTPS (https://editor.swagger.io/).

This is interesting, since we’re fetching the Generator API definition over HTTPS: https://github.com/swagger-api/swagger-editor/blob/master/src/standalone/topbar/topbar.jsx#L18

Maybe there’s some funk with the scheme inference on Swagger-Client’s side.

+1
shockey on Aug 25, 2017
Read more comments on GitHub
← swagger-editor: Misleading error message claiming allowed values in "in" of a parameter only "query, header, cookie" without "path"
swagger-editor: Swagger editor won't put false boolean values in the URL for "try this operation"  →