server-urls

This rule warns if a server defined in an OpenAPI schema uses the HTTP protocol on a host other than localhost, or if its URL contains upper-case letters.

Rule Details

Using HTTP for non-localhost servers sends API traffic unencrypted, which can lead to security issues, and upper-case letters in URLs can cause case-sensitivity problems.

The server-urls rule ensures that every server defined in an OpenAPI schema uses HTTPS unless it is on localhost, and that its URL contains no upper-case letters.

Configuration

None.

Examples

Good.

servers:
    - url: https://api.example.com/v1
      description: Production server
    - url: http://localhost:8080/v1
      description: Local development server

Bad.

servers:
    - url: http://api.example.com/v1
      description: Production server
    - url: https://API.EXAMPLE.COM/v1
      description: Production server with upper-case letters
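The check this rule describes, sketched in Python as an added example; it is not the linter's own implementation. Treating the loopback literals 127.0.0.1 and ::1 like localhost, and testing the whole URL string for upper-case letters, are assumptions made here. The host is compared exactly, so a name such as localhost.example.com is not mistaken for localhost.

```python
from urllib.parse import urlsplit

# Assumption: loopback literals count as "localhost"; the rule text only names localhost.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_server_url(url):
    """Return the list of warnings for one OpenAPI server URL."""
    warnings = []
    parts = urlsplit(url)
    # urlsplit lower-cases the scheme and hostname and strips userinfo and port,
    # so the comparison below is an exact match on the real host.
    host = parts.hostname or ""
    # Relative server URLs (no scheme) are not HTTP and are skipped by this check.
    if parts.scheme == "http" and host not in LOCAL_HOSTS:
        warnings.append("uses HTTP for a non-localhost server")
    # Assumption: the whole URL string is checked, not only the host part.
    if any(ch.isupper() for ch in url):
        warnings.append("contains upper-case letters")
    return warnings


def lint_servers(servers):
    """Map each offending URL to its warnings; clean URLs are omitted."""
    findings = {}
    for server in servers:
        url = server.get("url", "")
        problems = check_server_url(url)
        if problems:
            findings[url] = problems
    return findings


# Constructed sample: the servers from the Good and Bad examples, already parsed
# from YAML, plus one constructed look-alike host.
SERVERS = [
    {"url": "https://api.example.com/v1", "description": "Production server"},
    {"url": "http://localhost:8080/v1", "description": "Local development server"},
    {"url": "http://api.example.com/v1", "description": "Production server"},
    {"url": "https://API.EXAMPLE.COM/v1", "description": "Upper-case letters"},
    {"url": "http://localhost.example.com/v1", "description": "Look-alike host"},
]

if __name__ == "__main__":
    for url, problems in lint_servers(SERVERS).items():
        print(f"{url}: {'; '.join(problems)}")
```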

When Not to Use It

We recommend always enabling this rule.

Compatibility

This rule is compatible with all OpenAPI 3.x versions.
