django-rest-swagger

Authorization header missing in request payload from swagger UI

Open cegprakash opened this issue 6 years ago • 8 comments

Problem : Authorization header is missing in request payload from swagger UI

django-rest-swagger==2.2.0
djangorestframework==3.8.2

# URL configuration
from django.conf.urls import url
from rest_framework_swagger.views import get_swagger_view

schema_view = get_swagger_view(title='Pastebin API')

urlpatterns = [
    url(r'docs', schema_view),
]

# Django settings
SWAGGER_SETTINGS = {
    'SECURITY_DEFINITIONS': {
        'api_key': {
            'type': 'apiKey',
            'in': 'header',
            'name': 'Authorization'
        }
    },
    'JSON_EDITOR': True,
}

I see the authorize button immediately in the swagger UI

api_key (apiKey) Name: Authorization In: header Value: (textbox)

I typed my token and authorized.

Now I would expect all my requests from swagger getting attached with an Authorization header with the value I provided. But in the request payload, I don't see any header attached. Is there anything that I've missed? I have also gone through many other issues (related to this) and couldn't find a working solution.

cegprakash avatar Jun 26 '18 10:06 cegprakash

Hi! I've faced the same issue and found this note https://github.com/marcgibbons/django-rest-swagger/issues/757#issuecomment-397527350. Looks like it works now for django-rest-swagger==2.1.2 only.

Skyross avatar Jul 05 '18 09:07 Skyross

Can somebody tell me whether we can pass authorization headers in django-rest-swagger==2.2.0?

pavankomarina avatar Aug 16 '18 09:08 pavankomarina

Nope. Use 2.1.2

cegprakash avatar Aug 16 '18 14:08 cegprakash

Hi everyone, have you enabled CORS on your servers?

If not, take a look at https://enable-cors.org. In order for your browser to be allowed to send Authorization headers, your server needs to be watching for OPTIONS requests and sending back Access-Control-Allow-Headers: *. This is a security mechanism enforced by your browser, so there's no way for Swagger UI (or any web app) to get around it.

shockey avatar Sep 08 '18 00:09 shockey

Also - sharing your Swagger JSON/YAML would be helpful here.

shockey avatar Sep 08 '18 00:09 shockey

It's definitely not a CORS issue. It works perfectly in 2.1.2. Just not in 2.2.0.

There will be no JSON/YAML file generated when using django-rest-swagger.

cegprakash avatar Sep 08 '18 00:09 cegprakash

Hi! @marcgibbons, it seems to be something related to the SECURITY setting. I think this is a required setting for Swagger UI OpenAPI, alongside SECURITY_SETTINGS.

After some investigation, I noticed that this is something already merged in a previous release; it refers to PR #636. Something went wrong, because in the 2.2.0 CHANGELOG https://github.com/marcgibbons/django-rest-swagger/blob/master/CHANGELOG.md

  • Add security #636 (dimitrismakris)

it seems that it should be included ... but it's not.

After including this PR, it works.

For all who want to try the fix, please pay attention to the SECURITY setting format: per the OpenAPI 2 spec, it's an array :-D Example:

'SECURITY': [
        {
            'api_key' : []
        }
    ]

Wow, in that case just include that missing pull request and plz release a version. This is very much needed. @marcgibbons

cegprakash avatar Sep 22 '18 15:09 cegprakash
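The thread turns on the difference between declaring a scheme (`securityDefinitions`) and applying it (`security`) in an OpenAPI 2.0 document. The following check is an added example, not code from the thread or from django-rest-swagger. It lists operations that end up with no effective security requirement. The function name `audit_security` and the sample documents are assumptions constructed for illustration.

```python
# Added example: audit an OpenAPI 2.0 (Swagger) document for operations that
# have no effective security requirement, and for requirements naming
# schemes that are not in securityDefinitions.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def audit_security(spec):
    """Return (unprotected, undefined) for a Swagger 2.0 document (a dict).

    unprotected: sorted "METHOD /path" strings with no effective requirement
    undefined:   sorted scheme names used in `security` but never defined
    """
    defined = set(spec.get("securityDefinitions", {}))
    top_level = spec.get("security")  # list of requirement objects, or None
    unprotected, undefined = [], set()

    def check(requirements):
        for requirement in requirements or []:
            undefined.update(set(requirement) - defined)

    check(top_level)
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "$ref" and vendor extensions
            # An operation-level `security` overrides the top-level one;
            # an empty list there explicitly removes the requirement.
            effective = operation.get("security", top_level)
            check(operation.get("security"))
            if not effective:
                unprotected.append(f"{method.upper()} {path}")
    return sorted(unprotected), sorted(undefined)


# Constructed sample documents mirroring the settings discussed in the thread.
DEFINITIONS = {"api_key": {"type": "apiKey", "in": "header", "name": "Authorization"}}
PATHS = {
    "/snippets/": {"get": {"responses": {}}, "post": {"responses": {}}},
    "/health/": {"get": {"responses": {}, "security": []}},
}
WITHOUT_SECURITY = {"swagger": "2.0", "securityDefinitions": DEFINITIONS, "paths": PATHS}
WITH_SECURITY = dict(WITHOUT_SECURITY, security=[{"api_key": []}])

if __name__ == "__main__":
    for name, doc in (("without", WITHOUT_SECURITY), ("with", WITH_SECURITY)):
        print(name, "SECURITY:", audit_security(doc))
```

Run against a generated schema, a non-empty first list means those operations carry no declared requirement even though a scheme is defined.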