Swagger using http instead of https through our NGINX reverse proxy

dbayer · January 13, 2024, 6:33pm

Hello,

I’m using version 4.6 with our NGINX Reverse Proxy.

I’m testing API access through the Swagger interface. It connects properly through HTTPS to see it’s User Interface, but when do a “Try it out”, the Proposed URL is using HTTP, and therefore doesn’t work.

If I modify the URL to use HTTPS with curl on the CLI I get a valid response.

Also, I can only select the HTTP Scheme, there is no HTTPS choice.

One more thing, The title on the Swagger User Interface is “None API”.

Thanks

roberto.rosario · January 16, 2024, 10:10am

Hi,

Version 4.6 uses Django 4.2 which changes how HTTPS is handled.

Try using some of the new CSRF settings added. Specially MAYAN_CSRF_TRUSTED_ORIGINS.

One more thing, The title on the Swagger User Interface is “None API”.

Can you post a cropped screenshot of this to examine it?

dbayer · January 16, 2024, 3:59pm

Hi Roberto,

Thanks for the help. I already had that Variable set

MAYAN_CSRF_TRUSTED_ORIGINS=['https://docs-test.mywebsite.com']

Cedric · January 31, 2024, 4:18pm

Hello @dbayer ,

I had the same issue, I also added the “MAYAN_CSRF_TRUSTED_ORIGINS” variable (like you) but it didn’t work totally.
And I finally fixed it by adding the key “MAYAN_ORGANIZATIONS_INSTALLATION_URL” set with my https URL.
In your case :

MAYAN_ORGANIZATIONS_INSTALLATION_URL=https://docs-test.******

Hope it helps.

dbayer · January 31, 2024, 4:21pm

Thanks for the tip!

I’ll give it a try, and report my results here.

roberto.rosario · January 31, 2024, 4:34pm

The MAYAN_CSRF_TRUSTED_ORIGINS variable is only relevant to HTTPS when using a reverse proxy. Mostly to solve CSRF safety issues.

The variable MAYAN_ORGANIZATIONS_INSTALLATION_URL is required to prefix all links with your domain name. Such as document file or export download links.

Use MAYAN_COMMON_PROJECT_TITLE to change the title in some areas. This variable is being changed/phased out in intervals.

dbayer · February 5, 2024, 9:55pm

This worked to get a proper CURL statement. Which is what matters. Thank you.

But it still says None API in the title.

@roberto.rosario Would that Variable solve the None API issue?

roberto.rosario · February 6, 2024, 12:17am

We are working on version 4.5.9 which should be released in a few hours. It finishes the normalization of the MAYAN_COMMON_PROJECT_TITLE changes introduced in version 4.5. From our tests, this fully fixes the REST API title issue.

roberto.rosario · February 6, 2024, 4:38pm

This issue is now fully resolved in version 4.5.9. Work on version 4.6.1 has started which will include this fix.