You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The problem is:
My API and Swagger UI are hosted in different domains, and credential is required for some api. I found the credential in cookie is not sent for CORS calls.
I have enabled the CORS on the api server, the crendential is stopped by client (Swagger-UI).
Describe the solution you'd like
Change the credential policy of the featch call from same-origin to include:
I'm not sure is there any reason to use same-origin instead of include in Swagger-UI. Consider this UI is used for tecnical cases, there should be no security risk. Is there any special reason to use same-origin option for the crendential?
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem?
The problem is:
My API and Swagger UI are hosted in different domains, and credential is required for some api. I found the credential in cookie is not sent for CORS calls.
I have enabled the CORS on the api server, the crendential is stopped by client (Swagger-UI).
Describe the solution you'd like
Change the credential policy of the
featch
call fromsame-origin
toinclude
:swagger-ui/src/core/plugins/download-url.js
Line 17 in a1e5f21
Additional context
I'm not sure is there any reason to use
same-origin
instead ofinclude
in Swagger-UI. Consider this UI is used for tecnical cases, there should be no security risk. Is there any special reason to usesame-origin
option for the crendential?The text was updated successfully, but these errors were encountered: