ogen
ogen copied to clipboard
ogen-go
Issue with SwaggerUI and CORS
First of all: Bravo on ogen. An excellent piece of software.
Given that the SwaggerUI (https://petstore.swagger.io/) is part of the OpenAPI ecosystem, it would be nice if the SwaggerUI could easily work with the server generated by https://github.com/ogen-go/ogen. curl calls and http requests from the browser work well. However, when using the SwaggerUI application, CORS presents a problem.
According to the documentation given by SmartBear (who supports Swagger):
- https://swagger.io/docs/open-source-tools/swagger-ui/usage/cors/
- https://support.smartbear.com/swaggerhub/docs/ui/cors.html
the following headers need to be in the response:
Access-Control-Allow-Origin: https://host.from.which.the.request.came
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ResponseHeader1, ResponseHeader2, ...
I can't seem to find a clear explanation of how to include extra HTTP response headers from the code generated by ogen. The examples on middleware.Middleware and ServerOptions aren't giving a clear picture as to whether or not this is the approach used.
So,
- Does the capability of adding HTTP response headers exist in
ogen? - If it does, where is documentation that show how it is done?
Server type implements http.Handler and could be wrapped by any middleware like https://github.com/rs/cors to add more response headers.
But probably we should provide a function to get some information about every route: HTTP method, response headers, etc. It would make CORS setup easier.
