Cookie Authorization is rendered incorrectly in Try it out #4474

Open
alviezhang opened this issue Apr 24, 2018 · 0 comments

alviezhang commented Apr 24, 2018

| Q | A |
| --- | --- |
| Bug or feature request? | Bug |
| Which Swagger/OpenAPI version? | 3.0.0 |
| Which Swagger-UI version? | 3.13.6 |
| How did you install Swagger-UI? | yarn install swagger-ui-dist |
| Which browser & version? | Chrome 65.0.3325.181 |
| Which operating system? | MacOS 10.13.4 (17E199) |

Demonstration API definition

openapi: 3.0.0
info:
  title: API Title
  description: API 
  version: 0.1.0
servers:
  - url: http://example.com
    description: API server

paths:
  /api/user:
    get:
      summary: Get current user information
      description: Get current user information
      responses:
        '200':
          description: Success
components:
  securitySchemes:
    cookieAuth:
      type: apiKey
      in: cookie
      name: token
      description: access token
  schemas:
    User:
      type: object
      required:
        - id
        - name
      properties:
        id:
          type: integer
          format: int32
          description: User ID
        name:
          type: string
          description: User Name
security:
  - cookieAuth: []

Expected Behavior

When I click Authorize and input the string test|abc, then click Try it out and Execute, it will request

curl -X GET "http://example.com/api/user" -H "accept: */*" -H "Cookie: token=test|abc"

Current Behavior

It requests

curl -X GET "http://example.com/api/user" -H "accept: */*" -H "Cookie: token=test%7Cabc"

Possible Solution

Don't quote or encode the Cookie's value.

Context

My authorization token contains | and :, Swagger UI will encode them, so Try it out doesn't work for me.

RFC 6265 declares that

cookie-header = "Cookie:" OWS cookie-string OWS
cookie-string = cookie-pair *( ";" SP cookie-pair )
cookie-pair  = cookie-name "=" cookie-value
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )

cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                   ; US-ASCII characters excluding CTLs,
                   ; whitespace DQUOTE, comma, semicolon,
                   ; and backslash

So the Cookie value should not be simply encoded, or it will incorrectly escape characters.
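
The following is an added example, not part of the original issue and not Swagger UI's code. It checks a value against the `cookie-value` grammar quoted above and lists the legal characters that `encodeURIComponent` rewrites anyway; the helper names and the sample token are assumptions made for illustration.

```javascript
// cookie-octet from RFC 6265 as quoted in the issue:
// %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
const COOKIE_OCTET = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]$/;

// cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
function isValidCookieValue(value) {
  const quoted =
    value.length >= 2 && value.startsWith('"') && value.endsWith('"');
  const inner = quoted ? value.slice(1, -1) : value;
  return [...inner].every((ch) => COOKIE_OCTET.test(ch));
}

// Characters that are legal cookie-octets but that encodeURIComponent
// rewrites anyway (the mismatch reported in this issue).
function needlesslyEncoded(value) {
  const hits = new Set();
  for (const ch of value) {
    if (COOKIE_OCTET.test(ch) && encodeURIComponent(ch) !== ch) hits.add(ch);
  }
  return [...hits];
}

// Hypothetical helper: send a grammar-valid value verbatim and reject
// anything else (";", whitespace, CTLs, bare DQUOTE) instead of guessing
// an encoding. The cookie name is assumed to be a valid token already.
function buildCookieHeader(name, value) {
  if (!isValidCookieValue(value)) {
    throw new RangeError("value is not a valid RFC 6265 cookie-value");
  }
  return `Cookie: ${name}=${value}`;
}

// Constructed sample token containing "|" and ":" as described in the issue.
const sample = "test|abc:123";
console.log(buildCookieHeader("token", sample));
console.log(needlesslyEncoded(sample));
console.log(encodeURIComponent(sample));
```

Rejecting values outside the grammar keeps a pasted token from introducing a second cookie-pair or a line break into the header, which a blanket pass-through would allow.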
