Swagger-ui: Headers in lowercase, including bearer

Created on 18 Aug 2017  路  8Comments  路  Source: swagger-api/swagger-ui

| Q | A
| ------------------------------- | -------
| Bug or feature request? | Bug
| Which Swagger/OpenAPI version? | 2.0
| Which Swagger-UI version? | 3.1.5
| How did you install Swagger-UI? | download of dist folder
| Which broswer & version? | Chrome Version 60.0.3112.90 (Official Build) (64-bit)
| Which operating system? | Mac OS 10.12.6

Demonstration API definition

API with OAuth2 support

Configuration (browser query string, constructor, config.yaml)

Defaults

Expected Behavior

I authorized swagger-ui using the default settings, against my OAuth 2 server, with the "implicit" grant.

When using "try it out", it sends the following headers:
-H "accept: application/json" -H "authorization: bearer ..."

At least the "bearer" part of this should be uppercase: https://tools.ietf.org/html/rfc6750

Also, I think it's more standard to send title-case headers, although they're technically case-insensitive.

Current Behavior

"bearer" is lowercase.

Possible Solution

Context

Good first issue P1 lock-bot bug 3.x
Source
picture jacobweber

Most helpful comment

When it comes to the _value_ of a header, we should never change the lettering case.

picture webron on 19 Sep 2017
👍3

All 8 comments

This is a fair point!

The header is being set here, in swagger-client: https://github.com/swagger-api/swagger-js/blob/22f253344b80e13d06c6af8db62de28ed85fd338/src/execute.js#L283

Changing result.headers.authorization to result.headers['Authorization'] should do the trick.

shockey picture shockey on 18 Aug 2017

You'd also need to change https://github.com/swagger-api/swagger-js/blob/22f253344b80e13d06c6af8db62de28ed85fd338/src/execute.js#L293 to make tokenType uppercase.

jacobweber picture jacobweber on 18 Aug 2017
👍1

This is a blocker for usages with OAuth2 APIs, should clearly be labeled as a bug, not an enhancement.

dkarlovi picture dkarlovi on 19 Sep 2017

Yup, this is a bug.

webron picture webron on 19 Sep 2017

@owenconti can you try fixing it? Should be fairly simple. This refers only to the "Bearer" string, the case of the header name is completely irrelevant.

webron picture webron on 19 Sep 2017

@shockey Should we force tokenType to always be uppercase or should it be the responsibility of whatever is setting the token_type value in the authorizations as seen here (from a test):

    const authorizations = {
        bearer: {
          token: {
            access_token: 'one two',
            token_type: 'this is not a bearer'
          }
        }
      }

      return Swagger({spec, authorizations}).then((client) => {
owenconti picture owenconti on 19 Sep 2017

When it comes to the _value_ of a header, we should never change the lettering case.

webron picture webron on 19 Sep 2017
👍3

This was just fixed in https://github.com/swagger-api/swagger-js/pull/1156. Swagger-UI will receive the patch as part of our release this Friday 馃帀

Closing!

shockey picture shockey on 16 Oct 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

liuya05 picture liuya05  路  3Comments
deepumi picture deepumi  路  3Comments
SangeetaGulia picture SangeetaGulia  路  4Comments
songtianyi picture songtianyi  路  3Comments
MartinMuzatko picture MartinMuzatko  路  4Comments