使用Swagger 3.0发送Cookie会话ID [英] Sending cookie session id with Swagger 3.0

问题描述

据说要定义cookie身份验证，请改用API密钥."在官方文档中

https://swagger.io/docs/specification/describing-参数/#cookie-参数

事实是我们尝试使用

components:
  securitySchemes:
    cookieAuth:         
      type: apiKey
      in: cookie
      name: sessionId
...
    security:
      - cookieAuth: []

使用上面的代码，在Swagger UI中，我们可以单击挂锁来设置sessionId的值.但是，当我们执行该方法时， cookie的值为NULL，并且在Headers(Chrome开发者工具)中看不到发送的cookie

我也尝试将其放在Cookie参数中，如下所示:

parameters:
  - in: cookie
    name: sessionId   
    required: true
    schema:
      type: string 

但是还是有同样的结果(到达null，调试器工具中什么也没有.

我们将Swagger与openApi 3.0以及其他参数一起使用，requestBody运行良好，但这种cookie传输却不可行.

感谢任何有想法的人.

解决方案

Swagger UI和Swagger Editor当前不支持在尝试"请求中发送cookie:
https://github.com/swagger-api/swagger-js/issues/1163

正如开发人员所解释的那样，问题在于，几乎不可能从浏览器内部将任意cookie数据发送到不同的来源.

尽管 SwaggerHub 支持cookie身份验证和cookie参数. SwaggerHub从其服务器而不是从您的浏览器发送尝试"请求，这使得使用用户定义的Cookie标头发送请求成为可能.

披露:我为SwaggerHub的公司工作.

It is said that "To define cookie authentication, use API keys instead." in the official documentation

https://swagger.io/docs/specification/describing-parameters/#cookie-parameters

The fact is we tried with

components:
  securitySchemes:
    cookieAuth:         
      type: apiKey
      in: cookie
      name: sessionId
...
    security:
      - cookieAuth: []

Using the above code, in Swagger UI we are able to click on the padlock to set the value of the sessionId. But when we execute the method, the value of the cookie is NULL and we don't see the cookie sent in the Headers (Chrome Developer tool)

I tried also to put that in cookie parameter like this:

parameters:
  - in: cookie
    name: sessionId   
    required: true
    schema:
      type: string 

But there again, same result (arrive null, and nothing in the debugger tool.

We use Swagger with openApi 3.0, other parameters, requestBody is working well, but not this cookie transmission.

Thx for anything that can have an idea.

解决方案

Swagger UI and Swagger Editor currently do not support sending cookies in "try it out" requests:
https://github.com/swagger-api/swagger-js/issues/1163

As the developers explain, the issue is that it's almost impossible to send arbitrary cookie data to a different origin from within the browser.

SwaggerHub supports cookie auth and cookie parameters though. SwaggerHub sends "try it out" requests from its servers rather than from your browser, which makes it possible to send requests with a user-defined Cookie header.

Disclosure: I work for the company that makes SwaggerHub.

这篇关于使用Swagger 3.0发送Cookie会话ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！