Closed
Description
I am running swagger editor locally (latest version 2.8.x from git). I am trying to enable access to my API with credentials. I have defined a securityDefinition (yaml):
```yaml
securityDefinitions:
  sessionCookie:
    type: apiKey
    in: header
    name: Cookie
```
The cookie must be obtained by other means. I use cURL. Here is an example of the Cookie: `PLAY_SESSION="b42a15e05d632f9e56f592a3af826148c42dbc29-userId=a1a0dea0-a18e-11e4-8f1e-000c292711eb&sessionId=230ebba0-a1b8-11e4-8876-000c292711eb&userSessionId=72b9ca50-a32a-11e4-8876-000c292711eb"`
The cookie data can apparently be given to Swagger, but it cannot be sent with subsequent requests. Steps to reproduce this bug:
- Log onto the API using some other method and obtain a Cookie. My API accepts HTTP Basic or POST formData. Set-Cookie header is returned on successful login. I obtain this with cURL, e.g.
  `curl --user 'uname:pword' --dump-header - http://ngx-client/rest/api/1/auth/login/` (HTTP Basic) or
  `curl -d 'username=uname&password=pword' --dump-header - http://ngx-client/rest/api/1/auth/login/` (POST formData), and copy the Set-Cookie data from the dumped headers.
- Click Authenticate in Swagger. Paste in the Cookie data. Click Authenticate. A checkmark and "Authenticated" now appear in green.
- Scroll down to some Path/Action which requires the "sessionCookie" SecuritySchema. Click Try this operation. Orange block appears with Headers that will be sent. "Cookie" header is not present.
- There is a Security dropdown. Choose "sessionCookie". "Cookie" header appears in Headers area but there is no data after it.
- Click Send Request. Response is ERROR. Inspection of request indicates that Cookie header was not sent at all. Response is 401 Unauthorized.
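
The Fetch standard lists `Cookie` among the forbidden request headers, which script running in a browser cannot set on XHR/fetch requests. The following check is an added example, not part of the report or of the Swagger project's code: it flags Swagger 2.0 `apiKey` header schemes that a browser-based client cannot send. The `/items` path and the `apiToken` scheme in the sample spec are constructed for illustration.

```javascript
// Forbidden request-header names per the Fetch standard (lower-cased).
const FORBIDDEN = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin", "referer",
  "set-cookie", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);
const METHODS = new Set(["get", "put", "post", "delete", "options", "head", "patch"]);

function isForbiddenRequestHeader(name) {
  const n = String(name).trim().toLowerCase();
  return FORBIDDEN.has(n) || n.startsWith("proxy-") || n.startsWith("sec-");
}

// List operations whose effective security requirement names the scheme.
// In Swagger 2.0 an operation-level `security` overrides the top-level one.
function operationsUsing(spec, scheme) {
  const ops = [];
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const [method, op] of Object.entries(item)) {
      if (!METHODS.has(method)) continue;
      const reqs = op.security !== undefined ? op.security : spec.security || [];
      if (reqs.some((r) => Object.prototype.hasOwnProperty.call(r, scheme))) {
        ops.push(`${method.toUpperCase()} ${path}`);
      }
    }
  }
  return ops;
}

// Report apiKey-in-header schemes that a browser will refuse to send.
function findUnsendableApiKeys(spec) {
  const findings = [];
  for (const [scheme, def] of Object.entries(spec.securityDefinitions || {})) {
    if (!def || def.type !== "apiKey" || def.in !== "header") continue;
    if (isForbiddenRequestHeader(def.name)) {
      findings.push({ scheme, header: def.name, usedBy: operationsUsing(spec, scheme) });
    }
  }
  return findings;
}

// Constructed sample: sessionCookie is the definition from the report.
const sampleSpec = {
  securityDefinitions: {
    sessionCookie: { type: "apiKey", in: "header", name: "Cookie" },
    apiToken: { type: "apiKey", in: "header", name: "X-API-Key" }, // hypothetical
  },
  paths: { "/items": { get: { security: [{ sessionCookie: [] }] } } }, // hypothetical
};
console.log(JSON.stringify(findUnsendableApiKeys(sampleSpec), null, 2));
```

A scheme flagged here needs a header name outside the forbidden list, or the session cookie has to come from the browser's own cookie jar rather than from a header set by the client code.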