-
Notifications
You must be signed in to change notification settings - Fork 966
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Self host swagger JS dependencies #18081
Comments
Seconding this, it also won't work for TREs and similar air-gapped environments and leaks information about our visitors. We should self host this like we do for the rest of the JS. I'm glad there was a certificate issue, might not have noticed otherwise that the JS comes from a third party domain. (And especially JS that might have access to user API keys, even if it's a trustworthy party like jsdeliver, since we aren't using SRI hashes to ensure the validity of that file at all, just a plain script tag) |
Do you want to open that issue at FastAPI ? I don't think there's anything we can do. It also works for me on all devices. |
@mvdbeek fastapi is generating this? |
yes |
oof. i'd expect at least SRI hashes then, yikes. |
Someone reports a similar issue (different flavour of firewall) and the suggested answer is an additional requirement. tiangolo/fastapi#4924 (comment) every similar question seems to receive that as an answer, the discussion moved to 'discussions' and the underlying issue never fixed or closed as 'wontfix'. |
Aha, it sounds like we can implement this ourselves, by passing |
update:
|
misunderstood, we are agreed, should be self hosted. |
We should provide self-hosted JS libraries for OpenAPI docs
Describe the bug
usegalaxy.*/api/docs
is not loading for me:
The issue is an invalid certificate for a Cloudflare CDN server, it seems to be expired in 2020.
After googleing it, I found this:
https://community.cloudflare.com/t/jsdelivr-expired-certificate-may-2024/650543
and
jsdelivr/jsdelivr#18565
It could be a bigger issue.
Sure we can not do anything about it and CDNs should always work, but in this case I was wondering if it is really needed
or if we could serve this with our own servers?
Galaxy Version and/or server at which you observed the bug
Galaxy Version: 24.0
all 3 usegalaxy.* servers
Browser and Operating System
Operating System: Linux, macOS
Browser: Firefox, Chrome-based, Safari
Firefox 125.2 (fedora linux 39)
Chromium 124.0.6367.91 (fedora linux 39)
Safari on iPadOS 17.4.1
To Reproduce
Steps to reproduce the behavior:
Maybe it is location dependent, but otherwise the steps are quite obivous
Expected behavior
swagger api docs should load
The text was updated successfully, but these errors were encountered: