The Swagger/OpenAPI view/definition[0] for Shavar is only implemented in YAML.

For reference, I'm using http://shavar.stage.mozaws.net/__api__ - it returns an api file of content-type: application/x-yaml

AFAICT, it should also/primarily return its Swagger/OpenAPI definition file as JSON[1]; I ran into this as a problem when trying to use the OWASP ZAP OpenAPI add-on, to import, spider, and scan Shavar: https://zaproxy.blogspot.com/2017/04/exploring-apis-with-zap.html

As an additional example:

1. Load http://editor.swagger.io/
2. File | Import URL
3. Input http://shavar.stage.mozaws.net/__api__

Actual Results:

"No spec provided." is returned

Expected Results:

If you input Kinto's definition URL, https://kinto.dev.mozaws.net/v1/__api__ you get a successful representation of its imported definition file, etc.

Thanks!

[0] https://github.com/mozilla-services/shavar/blob/1a92c9bcf7c5dc82f6a119699f42b1334622501f/shavar/views/swagger.py
[1] https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#specification
[2] https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#file-structure

/cc @psiinon @tarekziade

@stephendonner the ZAP add-on should already support yaml - we have tests for it that currently pass ;) https://github.com/zaproxy/zap-extensions/blob/alpha/test/resources/org/zaproxy/zap/extension/openapi/PetStore_defn.yaml
I'll have a play with http://shavar.stage.mozaws.net/__api__ and see if I can work out whats up. Assuming I can access that of course - is it only accessible via the VPN?

Ideally, we should implement the Accept header so that URL returns JSON or Yaml depending on what the client wants (and pick a default one)

@stephendonner I can import https://shavar.stage.mozaws.net/__api__ into ZAP without any apparent problems :)