feat(symfony,laravel): withCredentials option to Swagger UI #8197
Merged
withCredentials option to Swagger UI

Adds a withCredentials boolean to OpenApi\Options. When enabled, a Swagger UI requestInterceptor sets `credentials: 'include'` on every outgoing request so authentication cookies (e.g. Cloudflare Access) are forwarded on token and CORS calls. Disabled by default.

- Symfony: new `api_platform.swagger.with_credentials` config key, parameter wired into the Options service, exposed in SwaggerUiProcessor + init-swagger-ui.js
- Laravel: new `swagger_ui.with_credentials` config key wired through ApiPlatformProvider, SwaggerUiProcessor and init-swagger-ui.js
Member
thanks!
Problem
When an API Platform Laravel application is deployed behind Cloudflare Access, the Swagger UI's token and CORS requests are intercepted and rejected with a `401` response. This happens because the Cloudflare Access authentication cookie is not forwarded with these requests — browsers only include cookies in cross-origin requests when `credentials: 'include'` is explicitly set.

Solution
This PR adds a `withCredentials` boolean option to `OpenApi\Options`. When enabled, a `requestInterceptor` is injected into the SwaggerUIBundle configuration that sets `credentials: 'include'` on every outgoing request, ensuring the Cloudflare Access cookie is forwarded.

The option is disabled by default to preserve existing behaviour.

Changes
- `src/OpenApi/Options.php` — new `withCredentials` constructor parameter (default `false`) and `getWithCredentials()` getter
- `src/Laravel/ApiPlatformProvider.php` — reads `swagger_ui.with_credentials` from config and passes it to `Options`
- `src/Laravel/State/SwaggerUiProcessor.php` — includes `withCredentials` in the `swagger-data` JSON payload
- `src/Laravel/public/init-swagger-ui.js` — conditionally adds a `requestInterceptor` that sets `req.credentials = 'include'`
- `src/Laravel/config/api-platform.php` — documents the new `with_credentials` config key (disabled by default)

Configuration
Testing
- `Tests/DocsWithCredentialsTest.php` — integration test verifying that `"withCredentials":true` is present in the rendered `swagger-data` JSON when the option is enabled, and absent by default.
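
The interceptor behaviour described in this PR, together with a check of the CORS response headers a browser requires once `credentials: 'include'` is set, as an added example (not code from the PR or from API Platform). `buildSwaggerUiConfig`, `credentialedCorsProblems` and the `example.test` URLs are assumptions; the header check goes beyond what the PR itself covers.

```javascript
// Added illustration, not code from the PR. Function names, URLs and header
// values below are constructed for the example.

// Mirrors the behaviour the PR describes: the interceptor exists only when the
// swagger-data JSON carries withCredentials: true.
function buildSwaggerUiConfig(data) {
  const config = { url: data.url, dom_id: '#swagger-ui' };
  if (data.withCredentials === true) {
    config.requestInterceptor = (req) => {
      req.credentials = 'include'; // Fetch credentials mode: send cookies cross-origin
      return req;
    };
  }
  return config;
}

// Fetch/CORS rules for a credentialed request: the response must name the exact
// page origin (a "*" wildcard is rejected) and must carry
// Access-Control-Allow-Credentials: true (case-sensitive value).
function credentialedCorsProblems(pageOrigin, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const problems = [];
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('Access-Control-Allow-Origin is missing');
  } else if (allowOrigin === '*') {
    problems.push('Access-Control-Allow-Origin "*" is not accepted with credentials');
  } else if (allowOrigin !== pageOrigin) {
    problems.push(`Access-Control-Allow-Origin ${allowOrigin} does not match ${pageOrigin}`);
  }
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials must be exactly "true"');
  }
  return problems;
}

// Constructed sample: docs page on one origin, API answering with a wildcard.
const cfg = buildSwaggerUiConfig({ url: 'https://api.example.test/docs.json', withCredentials: true });
const sent = cfg.requestInterceptor({ url: 'https://api.example.test/token', method: 'POST' });
console.log(sent.credentials);
console.log(credentialedCorsProblems('https://docs.example.test', { 'Access-Control-Allow-Origin': '*' }));
```

Running the header check against the API's actual preflight and token responses before enabling `with_credentials` shows whether the browser will accept them once cookies are attached.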