Support for CORS with credentials

[ghost]

When Swagger API is authenticated through cookie, Swagger GUI running on different host cannot access it because it doesn't pass on cookie. Swagger JS should be setting flag withCredentials to true to enable browser to pass on cookie to the Swagger API.

Example of enabling this for jQuery:
$.ajax({ url: a_cross_domain_url, xhrFields: { withCredentials: true } });

References:

• http://www.w3.org/TR/XMLHttpRequest/#the-withcredentials-attribute
• http://api.jquery.com/jquery.ajax/

[fehguy]

While this is easily added, it will cause other issues under some circumstances. @q7a I do not think we can determine automatically whether or not to pass withCredentials without developer hints. How do you envision telling the js client that withCredentials should be set? An initialization option?

[bytesandwich]

I've been getting around this with

var WithCredentials = function() { };
WithCredentials.prototype.apply = function(obj) {
  obj.xhrFields = {
      withCredentials: true
   };
  return true;
};
...
swagger.clientAuthorizations.add("withCredentials", new WithCredentials());

along with new SwaggerClient({ useJQuery: true ...

perhaps letting useJQuery take a function that takes the jquery object, to set ajaxtransport or ajaxprefiter would solve this and give some room for other similar use cases. E.g.

new SwaggerClient({ useJQuery: function($) {
  $.ajaxPrefilter( function( options, originalOptions, jqXHR ) {
    options.crossDomain ={
      crossDomain: true
    };
    options.xhrFields = {
      withCredentials: true
    };
  });
}

[fehguy]

Since you can supply your own HTTP transports now (see https://github.com/swagger-api/swagger-js/blob/master/test/client.js#L308-L325), you can easily support this, and without hacking the swagger-js code.

[blop]

Solution provided by jackphel does not seem to work for me.
What's the official way to do that?

[fehguy]

@blop more details?

[jhilary]

Now you can enable withCredentials by passing enableCookies=true to SwaggerClient.
#891
new Swagger({ url: a_cross_domain_url, enableCookies: true });

[R0nd]

@jhilary you can't, see https://github.com/swagger-api/swagger-js/blob/903569948d5a5c718d7b87d6832a672de4e76afc/docs/GRAVEYARD.md

[LiorArbel]

Is there a way currently (v3) to enable cookies/credentials? I really really need this

[DonMartin76]

I would also like to see this, at least as an option. This would take away the need for some really nasty workarounds I have in our API Management system.

[shockey]

@LiorArbel @DonMartin76, take a look at #1189 - it may cover your use case 😄