fix(swagger-ui): Use relative redirect to add trailing slash#1530
Open
boblehest wants to merge 1 commit into
Open
fix(swagger-ui): Use relative redirect to add trailing slash#1530boblehest wants to merge 1 commit into
boblehest wants to merge 1 commit into
Conversation
Given SwaggerUi::new("/path"), we would previously redirect requests
for `/path` to `/path/` (adding the trailing slash). Using an absolute
redirect path like this can cause issues when the HTTP server is behind
a proxy doing path rewriting.
Example scenario detailing the issue:
Say you have a Rust application which exposes a HTTP server with
`utoipa-swagger-ui` at path `/path/to/swagger/`. The server is
available at hostname `my.server`.
You also have a proxy server at `my.proxy`, which handles incoming requests
to the path `/api/...` by stripping the path prefix `/api`, and
forwarding the request to `my.server`.
Then you do the following:
1. You send a request to `my.proxy/api/path/to/swagger`
2. The server at `my.proxy` forwards the request to
`my.server/path/to/swagger` (note the stripped `/api` prefix)
3. The server at `my.server` redirects it to `/path/to/swagger/`
(to "add a trailing slash")
4. The client then follows this redirect, sending a new request to
`my.proxy/path/to/swagger/`
5. The request fails, because the proxy does not serve anything at this
path (the path has no `/api/` prefix).
Solution:
Redirecting to the relative path `swagger/`* should be more robust,
as it more precisely expresses the intent of simply adding a slash to
the end of the path, instead of replacing the entire path.
*Or more generally, redirecting to `X/` where `X` is the last path
segment of the configured swagger-ui path.
Author
|
There are some previous issues which discuss serving SwaggerUi behind a proxy: #842 and #856 . I've personally had two issues when trying to serve it being a proxy that does path rewriting. This PR fixes one of them (people forgetting to add the trailing slash, getting redirected to a broken URL, then coming to ask me why my API doesn't host SwaggerUi). The other problem I've run into is SwaggerUi not finding |
juhaku
reviewed
May 25, 2026
juhaku
left a comment
Owner
There was a problem hiding this comment.
This does this for axum and rocket, but not for actix-web. Was it already implemented or is it missing by design? Also a CHANGELOG.md entry could be added to utiopa-swagger-ui You can look example from utoipa-gen.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Given SwaggerUi::new("/path"), we would previously redirect requests for
/pathto/path/(adding the trailing slash). Using an absolute redirect path like this can cause issues when the HTTP server is behind a proxy doing path rewriting.Example scenario detailing the issue:
Say you have a Rust application which exposes a HTTP server with
utoipa-swagger-uiat path/path/to/swagger/. The server is available at hostnamemy.server.You also have a proxy server at
my.proxy, which handles incoming requests to the path/api/...by stripping the path prefix/api, and forwarding the request tomy.server.Then you do the following:
my.proxy/api/path/to/swaggermy.proxyforwards the request tomy.server/path/to/swagger(note the stripped/apiprefix)my.serverredirects it to/path/to/swagger/(to "add a trailing slash")my.proxy/path/to/swagger//api/prefix).Solution:
Redirecting to the relative path
swagger/* should be more robust, as it more precisely expresses the intent of simply adding a slash to the end of the path, instead of replacing the entire path.*Or more generally, redirecting to
X/whereXis the last path segment of the configured swagger-ui path.