Skip to content

Microsoft.AspNetCore.OpenApi generates bad server list (no domain), breaking Swagger and Scalar #61252

Closed
@burnchar

Description

@burnchar

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

app.MapOpenApi();/services.AddOpenApi(); (Microsoft.AspNetCore.OpenApi 9.0.3 in a .NET 9 web application) generates a bad server list in the OpenAPI document which breaks all systems that use it when an HTTPS cert is used.

Generates:

 "servers": [
    {
      "url": "https://*:10000/"
    },
    {
      "url": "https://valen:10000/"
    }
  ],...

But it should be:

 "servers": [
    { 
      "url": "https://valen.mydomain.com:10000/" 
    }
  ],...

Image

Because it is missing the server's domain and ".com", certs that authenticate "*.mydomain.com" fail and the user sees a completely confusing CORS error when using Swagger, and nothing at all in Scalar.

When I switch back to Swashbuckle to generate the OpenAPI document, that document has no servers list at all. No Swagger drop menu exists. All links are relative and have no issue. Generated URLs for API calls are correct.
It is unclear how to fix or remove the server list short of creating a document transformer. The deployment process (from Rider) makes no obvious use or configuration of environment variables like ASPNETCORE_URLS, nor does the code have any special Kestrel configuration.
The list of servers appears to come from, or at least be related to, IIS bindings:

Image
These bindings work perfectly for every application that does not use Microsoft.AspNetCore.OpenApi.

Expected Behavior

One of:

  • Option to get rid of servers list
  • Smarter handling of FQDN

Some documentation regarding how Microsoft.AspNetCore.OpenApi handles server names would be helpful. I am unable to find such documentation.

Steps To Reproduce

  1. Set up an IIS server with bindings as shown and a *.domain.com cert. In my case, we have multiple servers "valen1", "valen2", which are accessed through HAProxy, but the issue occurs even when we visit a specific server.
  2. Deploy an application to that server which uses Swagger or Scalar. For Swagger, the endpoint should be set to "/openapi/v1.json".
  3. View the OpenAPI document and notice the bad server list which is missing the server name.
  4. Observe that the APIs themselves work without issue, but that Swagger and Scalar try to use the bad server list
  5. Observe that the URLs that are generated due to the bad data are invalid, e.g. https://%2A:10000/SomeApi

Exceptions (if any)

<html>
<body>
<!--StartFragment-->
Failed to fetch.Possible Reasons:CORSNetwork FailureURL scheme must be "http" or "https" for CORS request.
--


<!--EndFragment-->
</body>
</html>

(The problem has nothing to do with CORS)

.NET Version

9.0.201

Anything else?

  • JetBrains Rider 2024.3.6
  • No special configuration for Kestrel or special configuration of env vars
  • Windows Server 2019 and IIS as reverse proxy

C:\Users\cb892961>dotnet --info
.NET SDK:
Version: 9.0.201
Commit: 071aaccdc2
Workload version: 9.0.200-manifests.21502d11
MSBuild version: 17.13.13+1c2026462

Runtime Environment:
OS Name: Windows
OS Version: 10.0.19045
OS Platform: Windows
RID: win-x64
Base Path: C:\Program Files\dotnet\sdk\9.0.201\

.NET workloads installed:
[maui-windows]
Installation Source: VS 17.10.35027.167
Manifest Version: 9.0.0/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.maui\9.0.0\WorkloadManifest.json
Install Type: Msi

[maccatalyst]
Installation Source: VS 17.10.35027.167
Manifest Version: 18.0.9617/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.maccatalyst\18.0.9617\WorkloadManifest.json
Install Type: Msi

[ios]
Installation Source: VS 17.10.35027.167
Manifest Version: 18.0.9617/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.ios\18.0.9617\WorkloadManifest.json
Install Type: Msi

[android]
Installation Source: VS 17.10.35027.167
Manifest Version: 35.0.7/9.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\9.0.100\microsoft.net.sdk.android\35.0.7\WorkloadManifest.json
Install Type: Msi

[aspire]
Installation Source: VS 17.10.35027.167
Manifest Version: 8.2.2/8.0.100
Manifest Path: C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.sdk.aspire\8.2.2\WorkloadManifest.json
Install Type: Msi

Configured to use loose manifests when installing new manifests.

Host:
Version: 9.0.3
Architecture: x64
Commit: 831d23e561

.NET SDKs installed:
7.0.100 [C:\Program Files\dotnet\sdk]
8.0.303 [C:\Program Files\dotnet\sdk]
9.0.201 [C:\Program Files\dotnet\sdk]

.NET runtimes installed:
Microsoft.AspNetCore.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 7.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.36 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.14 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 6.0.11 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 6.0.36 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 7.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 8.0.14 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 9.0.3 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Other architectures found:
x86 [C:\Program Files (x86)\dotnet]
registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation]

Environment variables:
Not set

global.json file:
Not found

Learn more:
https://aka.ms/dotnet/info

Download .NET:
https://aka.ms/dotnet/download

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-minimalIncludes minimal APIs, endpoint filters, parameter binding, request delegate generator etcfeature-openapi

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions