Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow free-form Cookie header to be set in the Authorise modal #9710

Open
chris-crispin opened this issue Mar 18, 2024 · 1 comment
Open

Allow free-form Cookie header to be set in the Authorise modal #9710

chris-crispin opened this issue Mar 18, 2024 · 1 comment

Comments

@chris-crispin
Copy link

Content & configuration

Swagger/OpenAPI definition:

openapi: 3.0.1
info:
 title: Some Example Service
 version: "1.0"
servers:
- url: http://localhost:8080
 description: Generated server url
security:
- Cookie: []
paths:
 /something/create:
   post:
     operationId: createSomething
     parameters:
       - name: client-id
         in: header
         required: false
         schema:
           type: string
     responses:
       "201":
         description: Created
components:
 securitySchemes:
   Cookie:
     type: apiKey
     description: Authentication Cookies
     name: Cookie
     in: header

Swagger-UI configuration options:

SwaggerUI({
  persistAuthorization: true
})

Is your feature request related to a problem?

Clients are not able to set free-form cookies in the browser rendering the try it out function useless for a number of our APIs.

Describe the solution you'd like

When a header authorization named Cookie is configured in security schema and the persist authorization option is set to true, and the authorize button is clicked, the free-form cookie values provided in the authorization modal should be set on the browser, thus sent with any request to the same origin. The path for these cookies should be set to "/" to ensure the cookies are attached to every same origin request (it appears as though this feature sets these to the Swagger UI path based on my limited testing).

cookie

Describe alternatives you've considered

Alternative is to let the request fail in the UI and copy the curl request to be performed on the users terminal or provide some javascript helper to set the cookies through the browser console independent of Swagger UI. Both of these are cumbersome and put a dent in the usability/benefits of the Swagger UI.
@sudiptosarkar sudiptosarkar mentioned this issue Aug 6, 2024
Open
17 tasks
@sudiptosarkar
Copy link

This feature is already present. You can specify the cookie name in your swagger config beforehand. Example:

{
  "openapi": "3.0.0",
  .
  .
  .
  "components": {
    "securitySchemes": {
      .
      .
      .
      "myCookieAuth": {
        "type": "apiKey",
        "in": "cookie",
        "name": "my_cookie_name",
        "description": "My Cookie based Authentication"
      }
    }
  }
}

It doesn't work though, as stated in #8683. I raised a PR to fix it about a year ago, and no one is merging it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sudiptosarkar @chris-crispin