Server URL must be an absolute URL
Issue ID: v3-semantic-server-url
Description
The property url
of the server
object must be an absolute URL.
The Open API Specification (OAS) states that a server
object may have a relative URL but that this indicates that the host location is relative to the location where the OpenAPI document is being served. Because API definitions are uploaded to 42Crunch Platform, not retrieved from URLs, Security Audit cannot infer the host location and thus relative URLs are not acceptable.
For more details, see the OpenAPI Specification.
Example
The following is an example of how this issue could look in your API definition. The server object has been defined, but as a relative URL:
{
"openapi": "3.0.0",
"servers": [
{
"url": "/api"
}
],
"info": {
// ...
}
}
Remediation
Define the URL of the server
object as an absolute URL.
{
"openapi": "3.0.0",
"servers": [
{
"url": "http://petstore.swagger.io/api"
}
],
"info": {
// ...
}
}