Skip to content

Fix OpenAPI server URLs for Aspire scenarios#60673

Merged
wtgodbe merged 3 commits intorelease/9.0from
cs/openapi-servers-fix
Mar 10, 2025
Merged

Fix OpenAPI server URLs for Aspire scenarios#60673
wtgodbe merged 3 commits intorelease/9.0from
cs/openapi-servers-fix

Conversation

@captainsafia
Copy link
Contributor

@captainsafia captainsafia commented Feb 28, 2025
edited
Loading

Description

This PR supports respecting he X-Forwarded-Proto and X-Forwarded-Host headers when generating server URLs in OpenAPI documents. When these headers are present in the request, the OpenAPI document service will use them to generate the correct server URLs instead of using the original host and scheme values derived from the service configuration.

This is particularly useful in environments where the API is behind a proxy, load balancer, or gateway, allowing the generated OpenAPI document to correctly reference the public-facing URL rather than the internal service URL.

Fixes #57332

Customer Impact

Without this change, documents served behind reverse proxies or forwarded endpoints do not reflect the correct service URl, particularly impact for the ASP.NET Core + Aspire scenario. While the issue is easy to workaround, we want a smoother experience with Aspire out-of-the-box.

Regression?

  • Yes
  • No

Risk

  • High
  • Medium
  • Low

Low-risk, becase change as it only affects the generation of server URLs in OpenAPI documents and does not impact the actual API functionality.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

Safia Abdalla added 2 commits February 28, 2025 22:40
Support resolving OpenAPI server URLs from HttpRequest (#60617)
2f2b731 
* Support resolving OpenAPI server URLs from HttpRequest

* Try passing optional params everywhere
@captainsafia
Fix up handling for forwarded headers
bf991f6
Copilot AI review requested due to automatic review settings February 28, 2025 23:54
@captainsafia captainsafia requested a review from a team as a code owner February 28, 2025 23:54
@ghost ghost added the area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates label Feb 28, 2025
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Feb 28, 2025
Copilot AI reviewed Feb 28, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR fixes the generation of OpenAPI server URLs in proxy scenarios by properly using X-Forwarded-Proto and X-Forwarded-Host headers to compute the externally accessible URLs.

  • Adds new tests to validate behavior with different forwarded header values.
  • Updates the OpenApiDocumentService API to accept an optional HttpRequest parameter and adjust server URL construction accordingly.
  • Modifies the endpoint extension to propagate the HttpRequest to the document service.

Reviewed Changes

File Description
src/OpenApi/test/Microsoft.AspNetCore.OpenApi.Tests/Services/OpenApiDocumentService/OpenApiDocumentServiceTests.Servers.cs Introduces tests validating the use of forwarded headers and expected URL generation.
src/OpenApi/src/Services/OpenApiDocumentService.cs Updates method signatures and logic to use the optional HttpRequest for URL generation.
src/OpenApi/test/Microsoft.AspNetCore.OpenApi.Tests/Services/OpenApiDocumentServiceTestsBase.cs Updates verification calls to pass null for the httpRequest parameter where not applicable.
src/OpenApi/src/Extensions/OpenApiEndpointRouteBuilderExtensions.cs Adjusts method calls to pass the HttpRequest in order to leverage the new URL generation logic.

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

@captainsafia captainsafia added feature-openapi area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc Servicing-consider Shiproom approval is required for the issue labels Feb 28, 2025
This was referenced Mar 1, 2025
Open
Open
@captainsafia captainsafia mentioned this pull request Mar 3, 2025
Closed
@wtgodbe wtgodbe added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels Mar 10, 2025
@wtgodbe
Copy link
Member

wtgodbe commented Mar 10, 2025

Approved over email

@wtgodbe wtgodbe merged commit 561e31a into release/9.0 Mar 10, 2025
23 of 25 checks passed
@wtgodbe wtgodbe deleted the cs/openapi-servers-fix branch March 10, 2025 20:01
@dotnet-policy-service dotnet-policy-service bot modified the milestones: 9.0.x, 9.0.4 Mar 10, 2025
@Zylvian Zylvian mentioned this pull request Mar 12, 2025
Closed
@rnelson rnelson mentioned this pull request Apr 9, 2025
Merged
This was referenced Jul 21, 2025
Closed
Closed
Closed
Closed
Closed
This was referenced Jan 8, 2026
Closed
Merged
Closed
Closed
Merged
Closed
Open
Closed
Closed
Closed
Closed
This was referenced Jan 17, 2026
Open
Open
Open
Open
Open
Open
Open
Open
Open
Merged
Open
Open
Open
Open
Open
Open
This was referenced Jan 30, 2026
Closed
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@BrennanConroy BrennanConroy BrennanConroy approved these changes

Assignees

No one assigned

Labels

area-minimal Includes minimal APIs, endpoint filters, parameter binding, request delegate generator etc area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates feature-openapi Servicing-approved Shiproom has approved the issue

Projects

None yet

Milestone

9.0.4

Development

Successfully merging this pull request may close these issues.

3 participants

@captainsafia @wtgodbe @BrennanConroy