Swagger-ui: Cookie Authentication Failed on chrome

Created on 8 Sep 2019  ·  3 Comments  ·  Source: swagger-api/swagger-ui

Q&A (please complete the following information)

  • OS: windows 10
  • Browser: chrome
  • Version: 76.0.3809.132 x64
  • Method of installation: dist assets from unpkg (//unpkg.com/swagger-ui-dist@3/swagger-ui-bundle.js)
  • Swagger-UI version: 3.23.8
  • Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

Example Swagger/OpenAPI definition:

{
    "openapi": "3.0.0",
    "info": {
        "title": "API",
        "version": "0.1"
    },
    "servers": [
        {
            "url": "\/api",
            "description": "Default API Server"
        }
    ],
    "paths": {
        "\/account\/current": {
            "get": {
                "operationId": "Current::index",
                "responses": {
                    "200": {
                        "content": {
                            "application\/json": {
                                "schema": {
                                    "$ref": "#\/components\/schemas\/Account"
                                }
                            }
                        }
                    },
                    "401": {
                        "$ref": "#\/components\/responses\/Unauthorized"
                    }
                },
                "security": [
                    {
                        "default": []
                    }
                ]
            }
        },
        "\/v2\/swagger.json": {
            "get": {
                "operationId": "Swagger_json::index",
                "responses": {
                    "200": {
                        "description": "Swagger API Definition"
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "Account": {
                "properties": {
                    "id": {
                        "type": "integer"
                    }
                },
                "type": "object"
            }
        },
        "responses": {
            "Unauthorized": {
                "description": "Unauthorized"
            }
        },
        "securitySchemes": {
            "default": {
                "type": "apiKey",
                "name": "ci_session",
                "in": "cookie"
            }
        }
    }
}

Swagger-UI configuration options:

const ui = SwaggerUIBundle({
    url: "api/v2/swagger.json",
    dom_id: '#swagger-ui',
    presets: [
        SwaggerUIBundle.presets.apis,
        SwaggerUIBundle.SwaggerUIStandalonePreset
    ]
})

Describe the bug you're encountering


Cannot authenticate the request with the cookie auth method.

To reproduce...

Steps to reproduce the behavior:

  1. Go to GET /account/current
  2. Click on Try it out
  3. Click on Execute
  4. Check request detail in Network in Chrome Developer Tool

Expected behavior


The Execute function in Try it out is not working as expected: it ignored the cookie setting in the Security requirement, which caused the auth to fail and a 401 from my server.

Screenshots

Additional context or thoughts


I tried to trace the stack and found that swagger-ui had set the cookie in the request, but the fetch function ignored it or used the browser's cookie instead.

All 3 comments

Cookie authentication currently does not work in Swagger UI and Swagger Editor because of browser security restrictions that prevent web pages from modifying certain headers (such as Cookie) programmatically. Please see swagger-api/swagger-js#1163 for details and future updates regarding this issue.

A possible workaround is to use the withCredentials option and rely on browser-supplied cookies instead.
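
The restriction described in the comment above, as an added JavaScript example that is not part of the original thread and is not Swagger UI or swagger-js code. It is a simplified model of how a browser assembles a fetch() request; the function names, the `example.test` origins and the cookie values are constructed for illustration.

```javascript
// Forbidden request-header names from the Fetch standard (lower-cased).
// Script-supplied values for these are silently ignored by the browser.
const FORBIDDEN = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "set-cookie", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);

function isForbiddenRequestHeader(name) {
  const n = name.toLowerCase();
  return FORBIDDEN.has(n) || n.startsWith("proxy-") || n.startsWith("sec-");
}

// pageOrigin: origin of the page running the script (the Swagger UI page).
// cookieJar: Map of origin -> cookie string the browser already holds.
function browserSend(pageOrigin, cookieJar, url, init = {}) {
  const target = new URL(url, pageOrigin);
  const headers = {};
  const dropped = [];
  for (const [name, value] of Object.entries(init.headers || {})) {
    if (isForbiddenRequestHeader(name)) dropped.push(name);
    else headers[name.toLowerCase()] = value;
  }
  const mode = init.credentials || "same-origin"; // fetch() default
  const sameOrigin = target.origin === pageOrigin;
  const attach = mode === "include" || (mode === "same-origin" && sameOrigin);
  // Only the browser's own cookie jar can populate the Cookie header.
  if (attach && cookieJar.has(target.origin)) headers.cookie = cookieJar.get(target.origin);
  return { url: target.href, headers, dropped };
}

// Constructed scenario: the cookie typed into "Authorize" versus one set by a login response.
const DOCS = "https://docs.example.test";
const API = "https://api.example.test";
const jarAfterLogin = new Map([[API, "ci_session=from-login"]]);
const scripted = { headers: { Cookie: "ci_session=typed-in-authorize", Accept: "application/json" } };

function demo() {
  return {
    scriptedOnly: browserSend(DOCS, new Map(), API + "/api/account/current", scripted),
    crossOriginDefault: browserSend(DOCS, jarAfterLogin, API + "/api/account/current", scripted),
    withCredentials: browserSend(DOCS, jarAfterLogin, API + "/api/account/current",
      { ...scripted, credentials: "include" }),
    sameOriginAfterLogin: browserSend(API, jarAfterLogin, "/api/account/current", scripted),
  };
}
```

For the cross-origin case, the API must also answer with `Access-Control-Allow-Credentials: true` and a non-wildcard `Access-Control-Allow-Origin`, otherwise the browser withholds the response from the page.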

Thanks for the reply :3
Well, I understand the problem now. Swagger cannot function properly with cookie auth until somebody sets up an extension to help with such cookie setting. For now I log in manually at the login API and let the browser deal with the cookie instead, as a workaround.

Closing as resolved — we'll continue tracking this generally in swagger-api/swagger-js#1163.
