Home > database >  Combining Swagger documentation of different projects into one project in Node.js
Combining Swagger documentation of different projects into one project in Node.js

Time:10-15

I am working on two projects namely administrator and authentication. The administrator project is hosted locally on port 3002 and the authentication project is hosted locally on port 3005. I did set up of swagger on administrator using libraries swagger-ui-express and yamljs. The code for setting up swagger in app.js is as below -

 const swaggerUi = require('swagger-ui-express');
 const YAML = require('yamljs');
 const swaggerDocument = YAML.load('./swagger.yml');
 const swaggerOptions = {
   explorer: true,
   validatorUrl: null,
   customCss: '.swagger-ui .topbar { display: none }',
   //  customCssUrl: '/custom.css'
   //  customJs: '/custom.js'
 };
 app.use(
   '/api-docs',
   function (req, res, next) {
     swaggerDocument.host = req.get('host');
     req.swaggerDoc = swaggerDocument;
     next();
   },
   swaggerUi.serve,
   swaggerUi.setup(null, swaggerOptions)
 );

I am able to call the APIs of the Administrator project since the setup of the swagger is in the same project (same server and same port). I have selected the appropriate server(localhost) and port(3005) for the authentication project from the list of server dropdowns. However, when I am trying to call the APIs of the Authentication project from the authentication project, I am getting a CORS error.

enter image description here

I read the documentation swagger documentation for the CORS error. As per the documentation, I added the relevant CORS headers while calling an API and did CORS set up in the backend for the express server as well.

A relevant related question in Java.

CodePudding user response:

Since the message appears in the console(see comments):

Refused to connect to 'localhost:3005/auth/login' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

this means that CSP is interfering and blocks connects. The fact is that 'self' covers standart ports only (80 for http:/ws: and 443 if https:/wss:).
Therefore you have to change default-src 'self'" to the default-src 'self' localhost:3005 (with exact port number) in the Content Security Policy. Since connect-src is omitted, it fallback to the default-src.

May be better to use default-src 'self' localhost:* rule (* means any port number). Browsers treat localhost as safe source (you own device) so is secure enough to allow any ports on localhost.
In this case, fallback directives (img-src, script-src, style-src, frame-src, etc) will not block any sources downloaded from localhost on any port, what can be convenient in development mode.

Note 1: however, if you need to prepare CSP for the production mode, you can place blocked sources in the relevant directives. In this case CSP will be default-src 'self'; connect-src localhost:*; because blocking is observed in the connect-src.

Note 2: Quite possible CSP header default-src 'self' is set by Helmet middleware the latest version of which self-publishes CSP with a default rules.

Page link:https//www.codepudding.com/database/153142.html

Prev:Persist data sent to a Pug template via render
Next:How to read names and grades from a csv file and write mean of them in another csv file?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding