swagger-ui icon indicating copy to clipboard operation
swagger-ui copied to clipboard
verified publisher icon swagger-api

Authorization header is not added to reqest while calling multipart/form-data from swagger UI v3

Open rajesh-siddulugari opened this issue 2 years ago • 9 comments

Q&A (please complete the following information)

  • OS: Windows, linux
  • Browser: chrome
  • Version: 114.0.5735.199
  • Method of installation: docker compose
  • Swagger-UI version: 4.18.2
  • Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

Example Swagger/OpenAPI definition: { "openapi" : "3.0.1", "info" : { "title" : "IBM PEM REST API Documentation ", "description" : "API document for IBM PEM Services.\n
" }, "externalDocs" : { }, "servers" : [ { "url" : "https://localhost:9443/mrmws" }, { "url" : "http://st:8080/apis" }, { "url" : "https://localhost:9444/mrmws" }, { "url" : "/" } ], "security" : [ { "basicAuth" : [ ] } ], "tags" : [ { "name" : "System Configuration Type Services" }, { "name" : "Code Services" }, { "name" : "CodeList Services" }, { "name" : "CodeList Type Services" } ], "paths" : { "/sponsors/{sponsorContext}/documents/upload" : { "post" : { "security": [ { "basicAuth": [] } ], "tags" : [ "Document Services" ], "summary" : "Upload Document", "description" : "Service for uploading documents.", "operationId" : "documentUpload", "parameters" : [ { "name" : "dualUriPattern", "in" : "path", "description" : "uri pattern: possible values (sponsor|partner)", "required" : true, "style" : "simple", "explode" : false, "schema" : { "type" : "string" } }, { "name" : "sponsorContext", "in" : "path", "description" : "The sponsor context URI (short name to identify the company).", "required" : true, "style" : "simple", "explode" : false, "schema" : { "type" : "string" } } ], "requestBody" : { "content" : { "multipart/form-data" : { "schema" : { "required" : [ "documentCategory", "documentContents", "documentName" ], "type" : "object", "properties" : { "documentCategory" : { "type" : "string", "description" : "The category of the document.", "enum" : [ "LOGO", "ACTIVITY" ] }, "documentContents" : { "type" : "string", "description" : "Upload the required document. The file size limit is 2MB.", "format" : "binary" }, "documentName" : { "description" : "Name of the document." }, "isEncrypted" : { "type" : "string", "description" : "The document is encrypted.", "default" : "TRUE", "enum" : [ "TRUE", "FALSE" ] }, "partnerKey" : { "description" : "Unique key to identify the partner." } } } } }, "required" : true }, "responses" : { "200" : { "description" : "Successful", "content" : { } }, "400" : { "description" : "Bad request", "content" : { } }, "500" : { "description" : "Internal Failure", "content" : { } } } } }, "components" : { "schemas" : { "securitySchemes" : { "BasicAuthentication" : { "type" : "http", "scheme" : "basic" } }, "security": [ { "basicAuth": [] } ]

} }

Steps to reproduce the behavior:

  1. Use the above schema
  2. Click on "Try it out" for the /sponsors/{sponsorContext}/documents/upload route which uses a multipart/form-data body
  3. provide values for document name, and upload file in document content.
  4. click on authorize header on top and provide basic auth.
  5. click on execute.

Expected behavior

Authorize header should be send along with the request.

current behavior

Authorize header is missing in the request.

Screenshots

image

image

Additional context or thoughts

multipart/form-data should send Authorize header along with the request for authenticating with server.

rajesh-siddulugari avatar Jul 30 '23 15:07 rajesh-siddulugari

SwaggerUI@4 is no longer supported and only receives serious security related patches. Can you please try to reproduce on SwaggerUI@5? Thanks

char0n avatar Aug 02 '23 12:08 char0n

Thanks for response. I am currently using "org.springdoc:springdoc-openapi-starter-webflux-ui:2.1.0" for swagger UI which is latest version that supports springboot 3.1.0 . These dependency had bundled with swagger-ui:4.18.2.

But when i try to use swagger-ui:5.2.0 with the above dependency. Swagger Ui is not coming up I am getting below attached error.

image

rajesh-siddulugari avatar Aug 02 '23 16:08 rajesh-siddulugari

HI @char0n Any update on this issue please.

rajesh-siddulugari avatar Aug 08 '23 05:08 rajesh-siddulugari

@rajesh-siddulugari we're not maintaining sprintboot library. If it cannot integrate SwaggerUI@5, there is unfortunately nothing I can do. I can work with you on a doing certain changes to SwaggerUI if you find out that the integration with sprint book is somehow caused by changes in SwaggerUI.

char0n avatar Aug 08 '23 11:08 char0n

@char0n I had taken latest version of "org.springdoc:springdoc-openapi-starter-webflux-ui:2.2.0" which has swagger UI 5.2.0 version as dependent library. Even with this version of swagger UI I am able to reproduce the issue. Authorization header is not attached while sending request to webserver.

rajesh-siddulugari avatar Aug 15 '23 16:08 rajesh-siddulugari

@char0n Any update on this issue please.

rajesh-siddulugari avatar Aug 21 '23 14:08 rajesh-siddulugari

@char0n I am getting the same issue - Authentication header is not included in the curl command. Using [email protected] packaged with FastAPI v0.103.

https://github.com/swagger-api/swagger-ui/issues/8444 appears to be a duplicate of this issue.

image

neoformit avatar Sep 14 '23 07:09 neoformit

This is on my radar, but would any of you be willing to investigate and issue a PR?

char0n avatar Sep 14 '23 08:09 char0n

This issue is related to swagger-js 13cddf28.

The v-cors-patch commit prevents the transmission of 3 header parameters.

image

Perhaps we should consider making some improvements regarding this?

he11olx avatar Jan 31 '24 09:01 he11olx