New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"localhost" is not considered a valid host for "openIdConnectUrl" #338
Comments
Thanks for the issue and explanations. It is my preference that we wait on this to see if |
If I understood correctly the issue, it only fixes the order of But fine for me to wait for the next release as there is an easy workaround available. |
Seems Are you open to consider |
Hey @JenswBE after some internal discussion, we decided not to support |
Problem
Linter doesn't like
localhost
inopenIdConnectUrl
Workaround
A simple workaround is to use
127.0.0.1
instead.Possible solutions
After some digging in the source code, I see you're using the helper
isURL
from packagevalidate
to check this url: https://github.com/IBM/openapi-validator/blob/main/src/plugins/validation/oas3/semantic-validators/security-definitions-ibm.js#L168I see 2 solutions to this issue:
{ host_whitelist: ['localhost'] }
as second argument toisURL
. This seems the cleanest solution to me. Unfortunately, there is a related issue and PR. The fix is not yet merged on the latest release, but the option could already be provided. Therefore, the issue will be automatically solved when the version ofvalidate
can be bumped.{ require_tld: false }
as second argument toisURL
. This will immediately solve the issue, but also allow non fully qualified domain names. Depending on how strict you want the check to be, this might be a show stopper.The text was updated successfully, but these errors were encountered: