You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pinot.apache.org by GitBox <gi...@apache.org> on 2020/08/05 19:17:13 UTC

[GitHub] [incubator-pinot] lgo opened a new issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

lgo opened a new issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814


   I've set up a cluster with an environment that only permits HTTPS. Currently, on the `/help` swagger pages the requests will only be made in `http` because the `/swagger.json` specifies `schema: ['http']`.
   
   Digging around, there were past problems with proper support (but it was dealt with in https://github.com/swagger-api/swagger-js/pull/857), and is a non-issue. If the `swagger.json` lists `schema: ['http', 'https']`, then the page will use whichever protocol the current browser page was loaded with.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo commented on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo commented on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669427246


   Ah, I see where the schemas are encoded: https://github.com/apache/incubator-pinot/blob/bf928e96dcb215a41ccf56b431982579d71b65eb/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java#L148-L152
   
   I reckon that because of the fix linked above, this conditional does not need to be here at all but I'll verify that in a bit.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] kishoreg commented on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

kishoreg commented on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669440435


   @daniellavoie this was fixed, right?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo removed a comment on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo removed a comment on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669427246






----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo edited a comment on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo edited a comment on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-692855728


   This has come up against in a different shape after Swagger was bumpted to v3 (#5888). This time, the page does list `HTTP` and `HTTPS` because the Swagger resources list those schemas, but the page does not correctly select the currently used resources which the previous version of Swagger did. Instead it selects the first schema in the list of schemas provided in the resources.
   
   This results in any request having the user error
   ```
   TypeError: Failed to fetch
   ```
   
   While failing due to making an HTTP request, as seen in the logs
   ```
   Mixed Content: The page at 'https://controller-host/help#/Schema/addSchema' was loaded over HTTPS, but requested an insecure resource 'http://controller-host/schemas?override=true'. This request has been blocked; the content must be served over HTTPS.
   (anonymous) @ index.js:1
   ```
   
   <img width="470" alt="Screen Shot 2020-09-15 at 13 15 40" src="https://user-images.githubusercontent.com/1161183/93242979-6999b180-f73c-11ea-8b2f-469dc74c6919.png">
   
   <img width="708" alt="Screen Shot 2020-09-15 at 13 14 48" src="https://user-images.githubusercontent.com/1161183/93242882-4a028900-f73c-11ea-8e7a-e3a1093c9f92.png">
   
   I reckon this might be a similar issue as before and there may be a Swagger option to have it automatically select HTTP vs HTTPS in Swagger UI / Swagger JS.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo edited a comment on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo edited a comment on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-692855728


   This has come up against in a different shape after Swagger was bumpted to v3 (#5888). This time, the page does list `HTTP` and `HTTPS` because the Swagger resources list those schemas, but the page does not correctly select the currently used resources which the previous version of Swagger did. Instead it selects the first schema in the list of schemas provided in the resources.
   
   This results in any request having the user error
   ```
   TypeError: Failed to fetch
   ```
   
   While failing due to making an HTTP request, as seen in the logs
   ```
   Mixed Content: The page at 'https://controller-host/help#/Schema/addSchema' was loaded over HTTPS, but requested an insecure resource 'http://controller-host/schemas?override=true'. This request has been blocked; the content must be served over HTTPS.
   (anonymous) @ index.js:1
   ```
   
   <img width="470" alt="Screen Shot 2020-09-15 at 13 15 40" src="https://user-images.githubusercontent.com/1161183/93242979-6999b180-f73c-11ea-8b2f-469dc74c6919.png">
   
   <img width="708" alt="Screen Shot 2020-09-15 at 13 14 48" src="https://user-images.githubusercontent.com/1161183/93242882-4a028900-f73c-11ea-8e7a-e3a1093c9f92.png">
   
   I reckon this might be a similar issue as before and there may be a Swagger option to have it automatically select HTTP vs HTTPS in Swagger UI / Swagger JS. It is posible to select the HTTPS resource, so this is mostly a usability / conveneience issue.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo commented on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo commented on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669431412


   I'm not entirely clear on how the swagger resources are enumerated, but it looks like the schema list may be coming from this, at least for the controller (I wasn't clear on where the `BeanConfig` was being used): https://github.com/apache/incubator-pinot/blob/bf928e96dcb215a41ccf56b431982579d71b65eb/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java#L148-L152


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo commented on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo commented on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-692855728


   This has come up against in a different shape after Swagger was bumpted to v3 (#5888). This time, the page does list `HTTP` and `HTTPS` because the Swagger resources list those schemas, but the page does not correctly select the currently used resources which the previous version of Swagger did.
   
   This results in any request having the user error
   ```
   TypeError: Failed to fetch
   ```
   
   While failing due to making an HTTP request, as seen in the logs
   ```
   Mixed Content: The page at 'https://controller-host/help#/Schema/addSchema' was loaded over HTTPS, but requested an insecure resource 'http://controller-host/schemas?override=true'. This request has been blocked; the content must be served over HTTPS.
   (anonymous) @ index.js:1
   ```
   
   <img width="470" alt="Screen Shot 2020-09-15 at 13 15 40" src="https://user-images.githubusercontent.com/1161183/93242979-6999b180-f73c-11ea-8b2f-469dc74c6919.png">
   
   <img width="708" alt="Screen Shot 2020-09-15 at 13 14 48" src="https://user-images.githubusercontent.com/1161183/93242882-4a028900-f73c-11ea-8e7a-e3a1093c9f92.png">
   
   I reckon this might be a similar issue as before and there may be a Swagger option to have it automatically select HTTP vs HTTPS in Swagger UI / Swagger JS.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo commented on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo commented on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669660367


   That still leaves the broker and server `/api` incorrectly using `http` and making the Swagger UI not usable.
   
   This is mostly a bug with the swagger client's selection of a scheme, which was fixed the PR linked above. Pinot's behind on the Swaggere UI version, but with the fix in Pinot can just specify `schemes: ['http', 'https']` without the need for any configuration value.
   
   The swagger UI version in Pinot is `2.2.2`: https://github.com/apache/incubator-pinot/blob/c2c623aec69b5288c365c843976d464df8c9e480/pom.xml#L898-L899
   
   Which uses `swagger-client` `2.1.18`: https://github.com/swagger-api/swagger-ui/blob/v2.2.2/package.json#L62
   
   The fix is only in the `swagger-client `2.1.22` (https://github.com/linxiaowu66/swagger-js/commit/e35ca11675f9a6121773ca99220e1dc4927bfcc2).


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo commented on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo commented on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669427910


   (nevermind, I was mistaken -- removing that comment ^)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] daniellavoie commented on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

daniellavoie commented on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669444099


   @lgo Swagger will expose HTTPS if you set `controller.query.console.useHttps` to `true` for the controller.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo commented on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo commented on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669442483


   For what it's worth, I'm currently on a8fbdaeffaf99c1df4258f60ecbbab1f553d7696 (2020/07/29)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] kishoreg closed issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

kishoreg closed issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[GitHub] [incubator-pinot] lgo edited a comment on issue #5814: Pinot's swagger pages does not work on HTTPS-only environments

Posted by GitBox <gi...@apache.org>.

lgo edited a comment on issue #5814:
URL: https://github.com/apache/incubator-pinot/issues/5814#issuecomment-669427246


   Ah, I see where the schemas are encoded: https://github.com/apache/incubator-pinot/blob/bf928e96dcb215a41ccf56b431982579d71b65eb/pinot-controller/src/main/java/org/apache/pinot/controller/api/ControllerAdminApiApplication.java#L148-L152
   
   I reckon that because of the fix linked above, this conditional does not need to be here at all but I'll verify that (for HTTPS) in a bit.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org