fix(swagger): support URL prefix via APPLICATION_ROOT in OpenAPI and Swagger UI #34407
+124
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
![korbit-ai[bot]](https://avatars.githubusercontent.com/in/322216?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review by Korbit AI
Korbit automatically attempts to detect when you fix issues in new commits.
| Category | Issue | Status |
|---|---|---|
 |
Unsafe Use of Host Header in Server URL Construction ▹ view | 🧠 Incorrect |
Files scanned
| File Path | Reviewed |
|---|---|
| superset/openapi/init.py | ✅ |
| superset/openapi/manager.py | ✅ |
| superset/initialization/init.py | ✅ |
| superset/config.py | ✅ |
Explore our documentation to understand the languages and file types we support and the files we ignore.
Check out our docs on how you can make Korbit work best for you and your team.
Comment on lines
+69
to
+71
| servers = current_app.config.get( | ||
| "FAB_OPENAPI_SERVERS", [{"url": request.host_url.rstrip("/")+current_app.config.get("APPLICATION_ROOT","/")}] | ||
| ) |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes #33304 by adding support for Superset deployments behind a URL prefix (e.g., when APPLICATION_ROOT or SUPERSET_APP_ROOT is set) in both the OpenAPI specification and the Swagger UI.
Motivation
Currently, when Superset is deployed behind a reverse proxy with a URL prefix, the Swagger UI breaks because it does not correctly generate the OpenAPI server URLs or locate the spec file using the prefix. This makes it impossible to use the Swagger-based API documentation in such environments.
Changes
Introduced a new SupersetOpenApi class to expose OpenAPI specs per version at /api//_openapi, dynamically resolving and registering API views.
Introduced a new SupsersetSwaggerView to render the Swagger UI HTML page with the correct openapi_uri, taking APPLICATION_ROOT into account.
Reused the existing Swagger HTML template (swagger.html), only modifying how it receives the OpenAPI URL.
Provided fallbacks to default behavior for backward compatibility (no prefix set).
Ensured compatibility with both prefixed and non-prefixed deployments.
How to Test
Set APPLICATION_ROOT = "/myprefix"
Visit /myprefix/swagger/v1 and confirm:
Swagger UI loads correctly
OpenAPI spec is loaded from /myprefix/api/v1/_openapi
"Try It Out" works for all endpoints
Related Issues
Fixes: #33304