Skip to content

Fix OpenAPI server URLs for Aspire scenarios #60673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 10, 2025
Merged

Fix OpenAPI server URLs for Aspire scenarios #60673

merged 3 commits into from
Mar 10, 2025
+63 −8

Conversation

captainsafia
Copy link
Member

@captainsafia captainsafia commented Feb 28, 2025
edited
Loading

Description

This PR supports respecting he X-Forwarded-Proto and X-Forwarded-Host headers when generating server URLs in OpenAPI documents. When these headers are present in the request, the OpenAPI document service will use them to generate the correct server URLs instead of using the original host and scheme values derived from the service configuration.

This is particularly useful in environments where the API is behind a proxy, load balancer, or gateway, allowing the generated OpenAPI document to correctly reference the public-facing URL rather than the internal service URL.

Fixes #57332

Customer Impact

Without this change, documents served behind reverse proxies or forwarded endpoints do not reflect the correct service URl, particularly impact for the ASP.NET Core + Aspire scenario. While the issue is easy to workaround, we want a smoother experience with Aspire out-of-the-box.

Regression?

  • Yes
  • No

Risk

  • High
  • Medium
  • Low

Low-risk, becase change as it only affects the generation of server URLs in OpenAPI documents and does not impact the actual API functionality.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

Sorry, something went wrong.

@captainsafia
Support resolving OpenAPI server URLs from HttpRequest (#60617)
2f2b731 
* Support resolving OpenAPI server URLs from HttpRequest

* Try passing optional params everywhere
@captainsafia
Fix up handling for forwarded headers
Loading
Loading status checks…
bf991f6
@Copilot Copilot AI review requested due to automatic review settings February 28, 2025 23:54
@captainsafia captainsafia requested a review from a team as a code owner February 28, 2025 23:54
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates label Feb 28, 2025
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Feb 28, 2025
Copilot
Copilot AI reviewed Feb 28, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR fixes the generation of OpenAPI server URLs in proxy scenarios by properly using X-Forwarded-Proto and X-Forwarded-Host headers to compute the externally accessible URLs.

  • Adds new tests to validate behavior with different forwarded header values.
  • Updates the OpenApiDocumentService API to accept an optional HttpRequest parameter and adjust server URL construction accordingly.
  • Modifies the endpoint extension to propagate the HttpRequest to the document service.

Reviewed Changes

File Description
src/OpenApi/test/Microsoft.AspNetCore.OpenApi.Tests/Services/OpenApiDocumentService/OpenApiDocumentServiceTests.Servers.cs Introduces tests validating the use of forwarded headers and expected URL generation.
src/OpenApi/src/Services/OpenApiDocumentService.cs Updates method signatures and logic to use the optional HttpRequest for URL generation.
src/OpenApi/test/Microsoft.AspNetCore.OpenApi.Tests/Services/OpenApiDocumentServiceTestsBase.cs Updates verification calls to pass null for the httpRequest parameter where not applicable.
src/OpenApi/src/Extensions/OpenApiEndpointRouteBuilderExtensions.cs Adjusts method calls to pass the HttpRequest in order to leverage the new URL generation logic.

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

@captainsafia captainsafia added feature-openapi area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc Servicing-consider Shiproom approval is required for the issue labels Feb 28, 2025
This was referenced Mar 1, 2025
Open
Open
@captainsafia captainsafia mentioned this pull request Mar 3, 2025
Closed
@captainsafia
Revert "Fix up handling for forwarded headers"
Loading
Loading status checks…
6cb8cdc 
This reverts commit bf991f6.
@wtgodbe wtgodbe added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels Mar 10, 2025
@wtgodbe
Copy link
Member

wtgodbe commented Mar 10, 2025

Approved over email

@wtgodbe wtgodbe merged commit 561e31a into release/9.0 Mar 10, 2025
23 of 25 checks passed
@wtgodbe wtgodbe deleted the cs/openapi-servers-fix branch March 10, 2025 20:01
@dotnet-policy-service dotnet-policy-service bot modified the milestones: 9.0.x, 9.0.4 Mar 10, 2025
@Zylvian Zylvian mentioned this pull request Mar 12, 2025
Closed
@rnelson rnelson mentioned this pull request Apr 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot

@BrennanConroy BrennanConroy

Assignees
No one assigned
Labels
area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates feature-openapi Servicing-approved Shiproom has approved the issue
Projects
None yet
Milestone
9.0.4
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@captainsafia @wtgodbe @BrennanConroy