Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP to HTTPS redirection breaks remote reference resolution #694

Open
mxr576 opened this issue Nov 9, 2022 · 2 comments
Open

HTTP to HTTPS redirection breaks remote reference resolution #694

mxr576 opened this issue Nov 9, 2022 · 2 comments

Comments

@mxr576
Copy link

mxr576 commented Nov 9, 2022

There is an HTTP to HTTPS redirect for every http://asyncapi.com... URL to https://asyncapi.com... which breaks the current implementation.

Minimal code

<?php

declare(strict_types = 1);

require __DIR__ . '/vendor/autoload.php';

$data = json_decode(file_get_contents('https://raw.githubusercontent.com/asyncapi/spec/2.0.0/examples/2.0.0/correlation-id.yml'));

// Validate
$validator = new JsonSchema\Validator;
$validator->validate($data, (object)['$ref' => 'https://raw.githubusercontent.com/asyncapi/spec-json-schemas/77c40b5aaa5515de537de3ea7eb383f4076c02d5/schemas/2.0.0.json']);

if ($validator->isValid()) {
  echo "The supplied JSON validates against the schema.\n";
} else {
  echo "JSON does not validate. Violations:\n";
  foreach ($validator->getErrors() as $error) {
    printf("[%s] %s\n", $error['property'], $error['message']);
  }
}

Unexpected result

 PHP Fatal error:  Uncaught JsonSchema\Exception\InvalidSchemaMediaTypeException: Media type application/schema+json expected in /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/UriRetriever.php:92
Stack trace:
#0 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/UriRetriever.php(209): JsonSchema\Uri\UriRetriever->confirmMediaType()
#1 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/UriRetriever.php(181): JsonSchema\Uri\UriRetriever->loadSchema()
#2 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php(52): JsonSchema\Uri\UriRetriever->retrieve()
#3 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php(115): JsonSchema\SchemaStorage->addSchema()
#4 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php(138): JsonSchema\SchemaStorage->getSchema()
#5 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php(162): JsonSchema\SchemaStorage->resolveRef()
#6 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php(123): JsonSchema\SchemaStorage->resolveRefSchema()
#7 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/SchemaConstraint.php(92): JsonSchema\Constraints\Constraint->checkUndefined()
#8 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Validator.php(63): JsonSchema\Constraints\SchemaConstraint->check()
#9 /mnt/files/local_mount/build/foo.php(16): JsonSchema\Validator->validate()
#10 {main}
  thrown in /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/UriRetriever.php on line 92

Additional info

Version

$ composer show justinrainbow/json-schema | grep version
versions : * 5.2.12
@DannyvdSluijs
Copy link

This is due to the FileGetContents [link] which uses the $http_response_headers predefined variable. One of the comments warns about the headers being kept when doing a redirect.
Which effectively causes the matching of the content type being done on the first header with that name, in you specific case this is the Content-Type: text/plain; charset=utf-8 for the HTTP 301.

There seems to be two options around this:

  1. Use another AbstractRetriever implementation such as the Curl based one but that might cause issues with schema's which are a file reference instead of a url reference.
  2. Create a PR I took the liberty of creating a PR for you. You can checkout my PR and test if the changes work for you. Please leave a comment if this does as that would help the review process.

@mxr576
Copy link
Author

mxr576 commented Feb 7, 2024

Thanks, sent my feedback on the PR!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants