Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization header does not set in CDN mode. #1939

Open
channprj opened this issue Jun 4, 2024 · 4 comments
Open

Authorization header does not set in CDN mode. #1939

channprj opened this issue Jun 4, 2024 · 4 comments
Assignees
@hanspagel
Labels
bug Something isn't working

Comments

@channprj
Copy link

channprj commented Jun 4, 2024

What happens?

image

Authorization header doesn't set in CDN mode.

I think it's related with $ref issue.

image

What did you expect to happen?

image

How can we reproduce the issue?

  1. Deploy with CDN
  2. Send request
  3. Authorization does not set

OpenAPI Document

https://sandbox.scalar.com/e/G8yz4
@channprj channprj added the bug Something isn't working label Jun 4, 2024
@channprj
Copy link
Author

channprj commented Jun 4, 2024

I'll fix $ref, but it works fine in swagger.

@channprj channprj changed the title authorization header does not set in CDN mode. Authorization header does not set in CDN mode. Jun 4, 2024
@hanspagel
Copy link
Member

Thanks for the report! I don’t have the chance to check it right now, but my gut tells me it’s not related to the parser error.

@hanspagel
Copy link
Member

Finally got time to look at this! Thanks for the report.

This is happening because the API defintion has an empty object {} in the security array:

"security": [
  {
    "cookieAuth": []
  },
  {
    "basicAuth": []
  },
+  {}
],

According to the OpenAPI 3.0.3 specification, this makes authentication optional:

To make security optional, an empty security requirement ({}) can be included in the array.

Source: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#operation-object

And if no authentication is required, we don't add it to the example request. Personally, I think that’s fine. What do you think @marclave?

Here is a sandbox without the empty object:
https://sandbox.scalar.com/e/lIISF

@hanspagel hanspagel self-assigned this Jun 7, 2024
@channprj
Copy link
Author

channprj commented Jun 11, 2024
edited
Loading

@hanspagel Thank you for your analysis. I intended authentication to be optional in that case. Please consider adding an authentication header. I wish that it could be added by entering the authentication header value.

Reference

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hanspagel hanspagel

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hanspagel @channprj