This PR supports respecting he X-Forwarded-Proto and X-Forwarded-Host headers when generating server URLs in OpenAPI documents. When these headers are present in the request, the OpenAPI document service will use them to generate the correct server URLs instead of using the original host and scheme values derived from the service configuration.

This is particularly useful in environments where the API is behind a proxy, load balancer, or gateway, allowing the generated OpenAPI document to correctly reference the public-facing URL rather than the internal service URL.

Fixes#57332

Customer Impact

Without this change, documents served behind reverse proxies or forwarded endpoints do not reflect the correct service URl, particularly impact for the ASP.NET Core + Aspire scenario. While the issue is easy to workaround, we want a smoother experience with Aspire out-of-the-box.

Regression?

Risk

High
Medium
Low

Low-risk, becase change as it only affects the generation of server URLs in OpenAPI documents and does not impact the actual API functionality.

Verification

Manual (required)
Automated

Packaging changes reviewed?

captainsafia added2 commits

February 28, 2025 22:40

Support resolving OpenAPI server URLs from HttpRequest (#60617)

2f2b731

* Support resolving OpenAPI server URLs from HttpRequest* Try passing optional params everywhere

Fix up handling for forwarded headers

bf991f6

CopilotAI review requested due to automatic review settings

February 28, 2025 23:54

captainsafia requested a review froma team as acode owner

February 28, 2025 23:54

ghost added the area-mvcIncludes: MVC, Actions and Controllers, Localization, CORS, most templates label

Feb 28, 2025

dotnet-policy-servicebot added this to the9.0.x milestone

Feb 28, 2025

CopilotAI reviewed

Feb 28, 2025

View reviewed changes

Copy link

Contributor

CopilotAI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

PR Overview

This PR fixes the generation of OpenAPI server URLs in proxy scenarios by properly using X-Forwarded-Proto and X-Forwarded-Host headers to compute the externally accessible URLs.

Adds new tests to validate behavior with different forwarded header values.
Updates the OpenApiDocumentService API to accept an optional HttpRequest parameter and adjust server URL construction accordingly.
Modifies the endpoint extension to propagate the HttpRequest to the document service.

Reviewed Changes

File	Description
src/OpenApi/test/Microsoft.AspNetCore.OpenApi.Tests/Services/OpenApiDocumentService/OpenApiDocumentServiceTests.Servers.cs	Introduces tests validating the use of forwarded headers and expected URL generation.
src/OpenApi/src/Services/OpenApiDocumentService.cs	Updates method signatures and logic to use the optional HttpRequest for URL generation.
src/OpenApi/test/Microsoft.AspNetCore.OpenApi.Tests/Services/OpenApiDocumentServiceTestsBase.cs	Updates verification calls to pass null for the httpRequest parameter where not applicable.
src/OpenApi/src/Extensions/OpenApiEndpointRouteBuilderExtensions.cs	Adjusts method calls to pass the HttpRequest in order to leverage the new URL generation logic.

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.