Swagger-editor: can't send apiKey authorization in header

Created on 22 Jun 2018 · 4 Comments · Source: swagger-api/swagger-editor

Q&A (please complete the following information)

  • Method of installation: dist assets
  • Swagger-Editor version: 3.6.0

Swagger/OpenAPI definition:

swagger: '2.0'
info:
  title: API
  version: 1.0.0
host: 127.0.0.1:3001
schemes:
  - http
basePath: /
securityDefinitions:
  apikey:
    type: apiKey
    name: authorization
    in: header
produces:
  - application/json
paths:
  /token:
    post:
      summary: get token
      description: >-
        get token.
      parameters:
      - name: "body"
        in: "body"
        description: "use name:token-client-id"
        schema:
            properties:
              name:
                type: 'string'
      tags:
        - auth
      responses:
        '200':
          description: A jwt token
          schema:
            type: object
            items:
              $ref: '#/definitions/accountRsp'
  /account/{accountNo}:
    get:
      summary: get account info
      parameters:
        - name: accountNo
          in: path
          description: Latitude component of start location.
          required: true
          type: string
      security:
      - apikey: []
      tags:
        - account
      responses:
        '200':
          description: An account info
          schema:
            type: object
            items:
              $ref: '#/definitions/accountRsp'
definitions:
  accountRsp:
    properties:
      code:
        type: string
      success:
        type: boolean
      data:
        type: object

1. I try /token, get a token first
2. I click Authorize button, input the token value
3. I try /account/{accountNo}, get a response: TypeError: Failed to fetch

General:
Request URL: http://127.0.0.1:3001/account/12345678
Request Method: OPTIONS
Status Code: 500 Internal Server Error
Remote Address: 127.0.0.1:3001
Referrer Policy: no-referrer-when-downgrade

Response Headers:
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: GET, POST, PUT, UPDATE, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 1192
Content-Security-Policy: default-src 'self'
Content-Type: text/html; charset=utf-8
Date: Fri, 22 Jun 2018 02:28:08 GMT
X-Content-Type-Options: nosniff
X-Powered-By: Express

Request Headers:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Cache-Control: no-cache
Connection: keep-alive
Host: 127.0.0.1:3001
Origin: http://127.0.0.1:8082
Pragma: no-cache
Referer: http://127.0.0.1:8082/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36

How do I send the authorization in the request headers?

support

All 4 comments

@delim29, your OPTIONS preflight request isn't being handled correctly by your server, which is a CORS issue.

See our documentation on this here: https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/cors.md

@delim29 by the way, this response schema is not valid:

          schema:
            type: object
            items:
              $ref: '#/definitions/accountRsp'

The items keyword is used with arrays, not with objects.

Looks like it should be:

          schema:
            $ref: '#/definitions/accountRsp'

app.use(function (req, res, next) {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, UPDATE, DELETE, OPTIONS');
  res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, api_key, Accept, Authorization');
  res.header('Content-Type', 'application/json');
  next();
});

This is my server config with CORS, and I can get the token from the server, but can't send the token to the server.

Thanks all.
I have solved the problem:

app.use(function (req, res, next) {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, UPDATE, DELETE, OPTIONS');
  res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, api_key, Accept, Authorization');
  res.header('Content-Type', 'application/json');
  if ('OPTIONS' === req.method) {
    // Answer the CORS preflight here instead of passing it on to the routes.
    res.sendStatus(200); // res.send(200) is deprecated in Express 4
  } else {
    next();
  }
});
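
An added example, not code from this thread or from the Swagger project: an Express-compatible middleware that answers the preflight itself, as the fix above does, but echoes only allowlisted origins instead of `*` and checks the requested method and headers before approving. The allowlist contents and the `simulate` harness are assumptions made for illustration; the replayed request uses the values from the capture in the issue.

```javascript
// Added example. Express-compatible (req, res, next) middleware that uses only
// Node's http response API. Allowlist values are assumptions for illustration.
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:8082']); // Swagger Editor origin
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE'];
const ALLOWED_HEADERS = ['authorization', 'content-type', 'accept'];

function cors(req, res, next) {
  const origin = req.headers.origin;
  const askedMethod = req.headers['access-control-request-method'];
  const isPreflight = req.method === 'OPTIONS' && Boolean(origin) && Boolean(askedMethod);
  const originOk = ALLOWED_ORIGINS.has(origin);

  res.setHeader('Vary', 'Origin'); // response depends on Origin, so caches must key on it
  if (originOk) res.setHeader('Access-Control-Allow-Origin', origin);
  if (!isPreflight) return next(); // actual request: routes and auth run as usual

  // The preflight carries no Authorization header, so it is answered here and
  // never reaches a route that would reject it for the missing token.
  const askedHeaders = (req.headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  const allowed = originOk &&
    ALLOWED_METHODS.includes(askedMethod.toUpperCase()) &&
    askedHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (allowed) {
    res.setHeader('Access-Control-Allow-Methods', ALLOWED_METHODS.join(', '));
    res.setHeader('Access-Control-Allow-Headers', ALLOWED_HEADERS.join(', '));
  }
  res.statusCode = allowed ? 204 : 403;
  res.end();
}

// Constructed harness: runs the middleware against a fake request/response pair.
function simulate(method, headers) {
  const out = { status: null, headers: {}, passedOn: false };
  const res = {
    setHeader(name, value) { out.headers[name.toLowerCase()] = value; },
    end() { out.status = this.statusCode; },
  };
  cors({ method, headers }, res, () => { out.passedOn = true; });
  return out;
}

// The preflight captured in the issue, replayed against the middleware.
const preflight = simulate('OPTIONS', {
  origin: 'http://127.0.0.1:8082',
  'access-control-request-method': 'GET',
  'access-control-request-headers': 'authorization',
});
console.log(preflight.status, preflight.headers['access-control-allow-headers']);
```

Register it with `app.use(cors)` before any authentication middleware, so the preflight is answered before a token check runs.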
