Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
app.MapOpenApi();
/services.AddOpenApi();
(Microsoft.AspNetCore.OpenApi 9.0.3 in a .NET 9 web application) generates a bad server list in the OpenAPI document which breaks all systems that use it when an HTTPS cert is used.
Generates:
"servers": [
{
"url": "https://*:10000/"
},
{
"url": "https://valen:10000/"
}
],...
But it should be:
"servers": [
{
"url": "https://valen.mydomain.com:10000/"
}
],...
Because it is missing the server's domain and ".com", certs that authenticate "*.mydomain.com" fail and the user sees a completely confusing CORS error when using Swagger, and nothing at all in Scalar.
When I switch back to Swashbuckle to generate the OpenAPI document, that document has no servers list at all. No Swagger drop menu exists. All links are relative and have no issue. Generated URLs for API calls are correct.
It is unclear how to fix or remove the server list short of creating a document transformer. The deployment process (from Rider) makes no obvious use or configuration of environment variables like ASPNETCORE_URLS, nor does the code have any special Kestrel configuration.
The list of servers appears to come from, or at least be related to, IIS bindings:
These bindings work perfectly for every application that does not use Microsoft.AspNetCore.OpenApi.
Expected Behavior
One of:
- Option to get rid of servers list
- Smarter handling of FQDN
Some documentation regarding how Microsoft.AspNetCore.OpenApi handles server names would be helpful. I am unable to find such documentation.
Steps To Reproduce
- Set up an IIS server with bindings as shown and a *.domain.com cert. In my case, we have multiple servers "valen1", "valen2", which are accessed through HAProxy, but the issue occurs even when we visit a specific server.
- Deploy an application to that server which uses Swagger or Scalar. For Swagger, the endpoint should be set to "/openapi/v1.json".
- View the OpenAPI document and notice the bad server list which is missing the server name.
- Observe that the APIs themselves work without issue, but that Swagger and Scalar try to use the bad server list
- Observe that the URLs that are generated due to the bad data are invalid, e.g.
https://%2A:10000/SomeApi
Exceptions (if any)
<html>
<body>
<!--StartFragment-->
Failed to fetch.Possible Reasons:CORSNetwork FailureURL scheme must be "http" or "https" for CORS request.
--
<!--EndFragment-->
</body>
</html>
(The problem has nothing to do with CORS)
.NET Version
9.0.201
Anything else?
- JetBrains Rider 2024.3.6
- No special configuration for Kestrel or special configuration of env vars
- Windows Server 2019 and IIS as reverse proxy
C:\Users\cb892961>dotnet --info
.NET SDK:
Version: 9.0.201
Commit: 071aaccdc2
Workload version: 9.0.200-manifests.21502d11
MSBuild version: 17.13.13+1c2026462
Runtime Environment:
OS Name: Windows
OS Version: 10.0.19045
OS Platform: Windows
RID: win-x64
Base Path: C:\Program Files\dotnet\sdk\9.0.201\
.NET workloads installed:
[maui-windows]
Installation Source: VS 17.10.35027.167
Manifest Version: 9.0.0/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.maui\9.0.0\WorkloadManifest.json
Install Type: Msi
[maccatalyst]
Installation Source: VS 17.10.35027.167
Manifest Version: 18.0.9617/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.maccatalyst\18.0.9617\WorkloadManifest.json
Install Type: Msi
[ios]
Installation Source: VS 17.10.35027.167
Manifest Version: 18.0.9617/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.ios\18.0.9617\WorkloadManifest.json
Install Type: Msi
[android]
Installation Source: VS 17.10.35027.167
Manifest Version: 35.0.7/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.android\35.0.7\WorkloadManifest.json
Install Type: Msi
[aspire]
Installation Source: VS 17.10.35027.167
Manifest Version: 8.2.2/8.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.sdk.aspire\8.2.2\WorkloadManifest.json
Install Type: Msi
Configured to use loose manifests when installing new manifests.
Host:
Version: 9.0.3
Architecture: x64
Commit: 831d23e561
.NET SDKs installed:
7.0.100 [C:\Program Files\dotnet\sdk]
8.0.303 [C:\Program Files\dotnet\sdk]
9.0.201 [C:\Program Files\dotnet\sdk]
.NET runtimes installed:
Microsoft.AspNetCore.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 7.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.36 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.14 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 6.0.11 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 6.0.36 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 7.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 8.0.14 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Other architectures found:
x86 [C:\Program Files (x86)\dotnet]
registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation]
Environment variables:
Not set
global.json file:
Not found
Learn more:
https://aka.ms/dotnet/info
Download .NET:
https://aka.ms/dotnet/download