Cookie Authentication Failed on chrome #5596

Closed
LaysDragon opened this issue Sep 8, 2019 · 3 comments

LaysDragon commented Sep 8, 2019

Q&A (please complete the following information)

  • OS: windows 10
  • Browser: chrome
  • Version: 76.0.3809.132 x64
  • Method of installation: dist assets from unpkg (//unpkg.com/swagger-ui-dist@3/swagger-ui-bundle.js)
  • Swagger-UI version: 3.23.8
  • Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

Example Swagger/OpenAPI definition:

{
    "openapi": "3.0.0",
    "info": {
        "title": "API",
        "version": "0.1"
    },
    "servers": [
        {
            "url": "\/api",
            "description": "Default API Server"
        }
    ],
    "paths": {
        "\/account\/current": {
            "get": {
                "operationId": "Current::index",
                "responses": {
                    "200": {
                        "content": {
                            "application\/json": {
                                "schema": {
                                    "$ref": "#\/components\/schemas\/Account"
                                }
                            }
                        }
                    },
                    "401": {
                        "$ref": "#\/components\/responses\/Unauthorized"
                    }
                },
                "security": [
                    {
                        "default": []
                    }
                ]
            }
        },
        "\/v2\/swagger.json": {
            "get": {
                "operationId": "Swagger_json::index",
                "responses": {
                    "200": {
                        "description": "Swagger API Definition"
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "Account": {
                "properties": {
                    "id": {
                        "type": "integer"
                    }
                },
                "type": "object"
            }
        },
        "responses": {
            "Unauthorized": {
                "description": "Unauthorized"
            }
        },
        "securitySchemes": {
            "default": {
                "type": "apiKey",
                "name": "ci_session",
                "in": "cookie"
            }
        }
    }
}

Swagger-UI configuration options:

const ui = SwaggerUIBundle({
    url: "api/v2/swagger.json",
    dom_id: '#swagger-ui',
    presets: [
        SwaggerUIBundle.presets.apis,
        SwaggerUIBundle.SwaggerUIStandalonePreset
    ]
})
api/v2/swagger.json

Describe the bug you're encountering

Cannot auth the request with cookie auth method.

To reproduce...

Steps to reproduce the behavior:

  1. Go to GET /account/current
  2. Click on Try it out
  3. Click on Execute
  4. Check request detail in Network in Chrome Developer Tool

Expected behavior

The Execute function in Try it out is not working as expected; it ignored the cookie sitting in the Security requirement, causing the auth to fail and a 401 from my server.

Screenshots

Additional context or thoughts

I tried to trace the stack and found that swagger-ui has set the cookie in the request, but the fetch function ignored it or used the browser's cookie instead.


Contributor

hkosova commented Sep 9, 2019

Cookie authentication currently does not work in Swagger UI and Swagger Editor because of browser security restrictions that prevent web pages from modifying certain headers (such as Cookie) programmatically. Please see swagger-api/swagger-js#1163 for details and future updates regarding this issue.

A possible workaround is to use the withCredentials option and rely on browser-supplied cookies instead.
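The restriction described in the comment above, as an added example that is not part of the thread and is not Swagger UI code: a small model of the Fetch standard's forbidden request-header rule and credentials modes, showing which `Cookie` value actually leaves the browser. The cookie values are constructed, and it assumes `withCredentials` corresponds to the Fetch credentials mode `include`.

```javascript
// Added example, not Swagger UI source. Models how a browser treats a
// script-built request, per the Fetch standard's forbidden request-header rule.
const FORBIDDEN = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "set-cookie", "te", "trailer", "transfer-encoding", "upgrade",
  "via",
]);

function isForbiddenRequestHeader(name) {
  const n = name.toLowerCase();
  return FORBIDDEN.has(n) || n.startsWith("proxy-") || n.startsWith("sec-");
}

// req: { headers, credentials } as a page script would pass to fetch().
// cookieJar: the browser's stored cookie string for the target, or null.
// Returns the headers that actually leave the browser.
function simulateBrowserSend(req, cookieJar, sameOrigin) {
  const sent = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    if (!isForbiddenRequestHeader(name)) sent[name] = value; // Cookie dropped
  }
  const mode = req.credentials || "same-origin"; // fetch() default
  const attach =
    mode === "include" || (mode === "same-origin" && sameOrigin);
  if (attach && cookieJar) sent["Cookie"] = cookieJar; // jar only
  return sent;
}

// Constructed sample: the value typed into Authorize vs. a real login cookie.
const tryItOut = {
  headers: { Accept: "application/json", Cookie: "ci_session=typed-in-ui" },
};
const jar = "ci_session=set-by-login";

function demo() {
  return {
    notLoggedIn: simulateBrowserSend(tryItOut, null, true),
    loggedInSameOrigin: simulateBrowserSend(tryItOut, jar, true),
    crossOriginDefault: simulateBrowserSend(tryItOut, jar, false),
    crossOriginInclude: simulateBrowserSend(
      { ...tryItOut, credentials: "include" }, jar, false),
  };
}

console.log(demo());
```

For a cross-origin API, the credentialed request is only readable by the page if the server answers with `Access-Control-Allow-Credentials: true` and an explicit (non-wildcard) `Access-Control-Allow-Origin`. The model ignores the cookie's `SameSite` attribute, which can also stop the browser from attaching it.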

@LaysDragon
Author

Thanks for the reply :3
Well, I understand the problem now. Swagger cannot function properly with cookie auth until somebody sets up an extension to help with such cookie setting. For now I log in manually at the login API and let the browser deal with the cookie instead as a workaround.

Contributor

shockey commented Sep 28, 2019

Closing as resolved — we'll continue tracking this generally in swagger-api/swagger-js#1163.

shockey closed this as completed Sep 28, 2019