'Swagger error - Blocked:mixed-content - Spring Open Api 3.0

I have a Java 11 project with spring boot 2.4.0, which was running with swagger 2.0 and we decided to migrate to Open Api 3.0.

Before migration, swagger was working fine, but now there is always a CORS error in swagger ui.

If I go to the Network tab in chrome, the error is (blocked:mixed-content).

There is some prints:

Error that appears on the UI:

Swagger UI ERROR

Error that appears on the network tab:

Error on console

This is the parent version:

Parent spring

And this is the OpenApi 3.0 Version:

Open Api version

There is a cors configuration on my project:

This is the preHandle method on the class that implements HandleInterceptor:

@Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {

        configuraCorsDaResponse(response); //THE METHOD THAT SET UP THE CORS OF OPTIONS

        String header = request.getHeader(HttpHeaders.AUTHORIZATION);

        if (Objects.isNull(header) || header.isEmpty())
            throw new IllegalStateException(HEADER_AUTHORIZATION_NOT_FOUND);

        header = header.trim();
        String tipoToken = header.substring(0,6);
        String token = header.substring(7);

        if (!tipoToken.equals("Bearer"))
            throw new IllegalStateException(HEADER_AUTHORIZATION_NOT_FOUND);

        String[] url = extrairUrl(request);
        String urlRecurso = extrairUrlRecurso(url);

        AccessTokenAutenticadoRequest tokenRequest = new AccessTokenAutenticadoRequest(token, tipoToken, urlRecurso, request.getMethod());

        accessTokenAutenticadoService.autenticarRequisicao(tokenRequest);

        return true;
    }

******

//THE METHOD OF OPTIONS
   private void configuraCorsDaResponse(HttpServletResponse response) {
        response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
        response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "POST, GET, PUT, OPTIONS, DELETE");
        response.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");
        response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Authorization, X-requested-with, Content-Type");
    }

And I have other class that implements WebMVCConfigurer that overrides this method:

 @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**");
    }

Is there something I'm missing?

UPDATE:

I've tried to put * on ACCESS_CONTROL_ALLOW_HEADERS but still the same error.

enter image description here

Here are other print of the chrome console:

enter image description here

And finally, there is a print of the Errors tab:

enter image description here

javaspringswaggermixed-contentspringdoc-openapi-ui


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions