Swagger UI - " TypeError: Failed to fetch" on valid response

Question

I've just pulled down the latest Swagger from the Git repo (3.0.19) using: https://github.com/swagger-api/swagger-ui.git and updated my API to use the new version.

Ran git describe --tags to confirm and my version is currently: v3.0.19-6-gaab1403

The problem I'm having is one described here, whereby my response is a 403 (I can see this in the inspector on the browser) and although I have a reponse for error 403, I still get the TypeError: Failed to fetch message.

Here's a snippet from my definition regarding the 403 response:

                    "403": {
                    "description": "Forbidden",
                    "headers": {
                        "Access-Control-Allow-Origin": {
                            "type": "string"
                        }
                    }
                },

I've also noticed it reported here however, I know it's not a CORS issue as I have tested the endpoints and the OPTIONS are returning correct, as are the endpoints if called with valid information (I force this 403).

Could anyone point me in the right direction please?

Update: I have since tested on a 401 response, with the same response.

And that a 400 is working as expected:

Answer 1

For anyone that runs into this problem;

After a day of troubleshooting and the Swagger support guys pointing me in the right direction, it turns out that this is currently caused by a bug within the AWS API Gateway custom authorizers.

We are currently using AWS API Gateway for managing our APIs, this includes managing all our authorization via a custom authorizer. The issue is that custom authorizers do not currently support passing through headers within the response and Swagger UI needs the Access-Control-Allow-Origin:* within the response header(s) to display the correct HTTP status code.

See this AWS thread regarding the issue (which is older than a year already):

https://forums.aws.amazon.com/thread.jspa?messageID=728839

Swagger UI discussion on same: https://github.com/swagger-api/swagger-ui/issues/3403

EDIT / UPDATE

This has since been resolved with the use of Gateway Responses. See this same forum (page 2):

https://forums.aws.amazon.com/thread.jspa?messageID=728839

Answer 2

I hit this error during local development (i.e., had nothing to do with AWS). The underlying cause (CORS violation) is identical. The following might help others who encounter this problem.

I setup connexion with an openapi spec that referred to http://localhost:9090/. When the development server starts, it says "Running on http://0.0.0.0:9090/". That page appears to work, but the swagger ui uses http://localhost:9090/ from the openapi spec for subsequent requests and shows TypeError: Failed to fetch in results. The browser console shows Access to fetch at 'http://localhost:9090/vr/variation' from origin 'http://0.0.0.0:9090'. The provided curl command worked fine; although initially confusing, the curl success is a clue that the problem is due to browser blocking rather than server-side failure.

(Connexion is based on Python flask and provides extended support for openapi integration.)

Answer 3

Because the problem of cross-origin means your website is hosted on either locally or with port 8000 or different port, and your swagger's port number is different, so this problem is genuine. We can fix it by giving permission.

Here is the node code:

app.use( (request, response, next) => {
    response.header("Access-Control-Allow-Origin", "*");
    response.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    next();
});

We can solve by using CORS npm as well. https://www.npmjs.com/package/cors

Answer 4

Disclaimer:- This answer is for APIs developed using Asp.net Core

I have faced similar issue when trying to access the APIs from the Swagger UI Editor. I was trying to access some APIs developed using Asp.net Core where as the Swagger UI Editor was hosted on Apache. I was facing CORS (Cross Orgin Request).

I have to modify my APIs code to allow CORS request using following code:- Declare within Startup.cs File having class "StartupShutdownHandler"

private readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

Added a section of code within ConfigureServices Method.

var str = ConfigurationHandler.GetSection<string>(StringConstants.AppSettingsKeys.CORSWhitelistedURL);
        if (!string.IsNullOrEmpty(str))
        {
            services.AddCors(options =>
            {
                options.AddPolicy(MyAllowSpecificOrigins,
                builder =>
                {
                    builder.WithOrigins(str);
            });
            });
        }

Added a line of code within Configure Method.

 app.UseCors(MyAllowSpecificOrigins);

Reference Enable Cross-Origin Requests (CORS) in ASP.NET Core

Answer 5

Please check the swaggerOptions provided to swagger jsdoc and check whether host and base name is correct. I have encountered the same issue before and got fixed the issue by correcting this. Hope this will also solve the problem.

Eg:

const options = {
  swagger: "2.0",
  swaggerDefinition: {
    // options.swaggerDefinition could be also options.definition
    info: {
      title: "Customer API", // Title (required)
      description: "Dummy Customer API for implementing swagger",
      contact: {
        name: "Stack Overflow"
      },
      version: "1.0.0" // Version (required)
    },
    host: "localhost:5000",
    basePath: "/"
  },
  // Path to the API docs
  apis: ["SwaggerImplementation/index.js"] // For complex api's pass something like apis: ["./routes/*.js"]
};

Answer 6

I had the same issue and there was a very simple fix. I accessed my site using HTTP but it required HTTPS. My site was redirecting to HTTPS when calling an endpoint.

This violated the "same-origin policy": https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-2.2

Answer 7

It's because some times your IIS Binding's HTTPS SSL Certificate will automatically goes to Not Selected. So again you have to manually select the SSL Certificates to1 IIS Express Development Certificate1. Below I have mention how to do:

1. Open IIS Click Default web sites.
2. In the right side corner you will see a some setting click "Bindings", you will get a Site Binding window.
3. Then you will get http and https details.
4. In that Click "https" and click edit, then you will get another window Edit Site Bindings.
5. In that window check SSL Certificates.
6. If SSL Certificate = Not Selected select IIS Express Development Certificate.
7. Then stop and Start the IIS.

Issue will be solved.

Answer 8

I have encountered the same error while trying to authenticate access OAuth2 secured Rest API set. API server deployed on VM and was connecting to it using IPSEC VPN. Actually username/password in HTTP header with basic authentication was sent using separate API other than /oauth/token, backend itself was calling http://localhost:8080/api/v0/oauth/token with client secret and returning back token to client. After changing localhost to server's actual local IP , problem disappeared.

Answer 9

This error is generic on swagger side and could be due to many possible reasons. In my case, it was due to connection error. My swagger page was not responsive due to connection issue at my side. I had to refresh it once and worked for me.

Answer 10

Every solution will definitely be correct :) But in my case I have that line in my webconfig file

 <environmentVariable name="ASPNETCORE_HTTPS_PORT" value="5001" />  

I just replace ASPNETCORE_HTTPS_PORT to ASPNETCORE_HTTP_PORT and the error has been gone :). So the final line is

  <environmentVariable name="ASPNETCORE_HTTP_PORT" value="5001" />

replace 5001 with your port.

Answer 11

If it's a .NET Core API, try commenting out the below method call in the StartUp.cs Like below,

// app.UseHttpsRedirection();