
Cookies and CORS

Open axi92 opened this issue 2 years ago • 0 comments

Q&A (please complete the following information)

  • OS: ubuntu 20.04
  • Browser: firefox
  • Version: 102
  • Method of installation: dist assets
  • Swagger-UI version: I guess the newest, where can I see that?
  • Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

We have a modified swagger-initializer.js that is working, except that the cookies are not sent with the requests to those subdomains:

window.onload = function() {
  //<editor-fold desc="Changeable Configuration Block">

  // the following lines will be replaced by docker/configurator, when it runs in a docker-container
  window.ui = SwaggerUIBundle({
    urls: [ 
      { url: "https://inventum.domain.com/apidocs.json", name: "Inventum API"},
      { url: "https://releases.domain.com/apidocs.json", name: "SFW Releases API" } 
    ],
    validatorUrl: 'none',
    dom_id: '#swagger-ui',
    deepLinking: true,
    presets: [
      SwaggerUIBundle.presets.apis,
      SwaggerUIStandalonePreset
    ],
    plugins: [
      SwaggerUIBundle.plugins.DownloadUrl
    ],
    layout: "StandaloneLayout",
    useJQuery: true,
    withCredentials: true
  });
  $('.topbar-wrapper > a > img').attr('src', 'logo.svg');
  $('#swagger-ui > section > div.topbar > div > div > form > label > span').text('API Definition');
  // we tried to print the cookies to see if they are set, but as the cookies got HttpOnly set to true
  // you are not able to print those with JS
  console.log(document.cookie);
  //</editor-fold>
};

Now the problem is that the requests that are made are sent without the cookies. I can see the cookies are set, and if I open the URL in a new tab and request the same URL, the cookies are sent. So my guess is that it has something to do with CORS. Is there a way to tell swagger it has to send the cookies in that request? It is the same domain, only different subdomains.

Those are the cookie settings: (screenshot) Domain: ".domain.com"

It works for every other service that we use, only swagger does not send the cookies on CORS requests.

Without those cookies set in the request to the openapi.json, swagger won't get there.

Swagger/OpenAPI definition:

# your YAML here

Swagger-UI configuration options:

SwaggerUI({
  // your config options here
})
?yourQueryStringConfig

Screenshots

There you can see, swagger never gets the openapi.json definition because the cookies are not sent with this request. (screenshot)

How can we help?

I need swagger to send the cookies with every request to those servers where it loads the *.json openapi definition.

axi92, Jul 15 '22 08:07
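
The browser-side rules behind the behaviour described in this issue, as an added example that is not part of the original post and is not Swagger UI's own code: it models when a cookie scoped to ".domain.com" is attached to a cross-origin fetch and when the page may read the reply. The page origin `https://docs.domain.com` and the response headers are assumptions; the spec URL and cookie settings are taken from the issue.

```javascript
// Added example: a model of the browser's rules, not Swagger UI's code.
// PAGE_ORIGIN and the response headers passed in are assumptions.
const PAGE_ORIGIN = "https://docs.domain.com"; // hypothetical host serving Swagger UI
const SPEC_URL = "https://inventum.domain.com/apidocs.json"; // from the issue
const COOKIE = { domain: ".domain.com", httpOnly: true };    // settings from the issue

// RFC 6265 domain-match: the host equals the cookie domain or is a subdomain of it.
function cookieDomainMatches(cookieDomain, host) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Would the browser attach the cookie to a fetch()/XHR issued by the page?
// mode is the Fetch credentials mode: "omit", "same-origin" (the default) or "include".
// HttpOnly is deliberately ignored: it hides the cookie from document.cookie only.
// SameSite is not modelled: both hosts are assumed to be subdomains of one site.
function cookieIsSent(pageOrigin, url, mode, cookie) {
  const target = new URL(url);
  if (!cookieDomainMatches(cookie.domain, target.hostname)) return false;
  if (mode === "include") return true;
  return mode === "same-origin" && target.origin === pageOrigin;
}

// Would the browser let the page read the response? Credentialed cross-origin
// requests need an exact Access-Control-Allow-Origin (no "*") plus
// Access-Control-Allow-Credentials: true.
function responseIsReadable(pageOrigin, url, mode, headers) {
  if (new URL(url).origin === pageOrigin) return true;
  const allowOrigin = headers["access-control-allow-origin"];
  if (mode !== "include") return allowOrigin === "*" || allowOrigin === pageOrigin;
  return allowOrigin === pageOrigin &&
         headers["access-control-allow-credentials"] === "true";
}

// Combine both checks into one verdict for a given client mode and server reply.
function diagnose(mode, headers) {
  const sent = cookieIsSent(PAGE_ORIGIN, SPEC_URL, mode, COOKIE);
  const readable = responseIsReadable(PAGE_ORIGIN, SPEC_URL, mode, headers);
  if (!sent) return "cookie not attached: credentials mode is " + mode;
  if (!readable) return "cookie attached, response blocked by CORS";
  return "cookie attached, response readable";
}

console.log(diagnose("same-origin", { "access-control-allow-origin": "*" }));
```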