I'm using Swagger Editor for the first time to test an API. I'm running it locally. My authorization is working, but my first GET path schema keeps returning "Failed to fetch" errors.
When I run the Swagger generated Curl code in GitBash, I get the result I expect, so everything I need is in the schema. I just can't get the response when I run it in Swagger Editor.
As far as I can tell, Swagger Editor is not including the Authorization token in the Request Header. Here is the request from my browser console...
I understand that this may be a CORS issue - but I'm not a server admin and I don't have access to make changes to the server. Is there something I need to tell the server admins? Or is there something that I need to change on my local machine to include the authorization code with the header request? My server admin says that CORS is properly enabled.
The odd thing is that if I copy the CURL string that is generated by Swagger Editor, and paste it into GitBash, it runs properly and I get the result I expect. Here's the CURL string...
If it helps, here is my Swagger JSON.
{
  "swagger":"2.0",
  "info":{
    "description":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi molestie sem nec nibh blandit efficitur. Donec arcu massa, semper ut mauris eu, fermentum dictum turpis. [Test Link](http://google.com) Duis efficitur at sapien non maximus. ",
    "version":"1.0.0",
    "title":"LA-API",
    "termsOfService":"http://swagger.io/terms/",
    "contact":{
      "email":"[email protected]"
    },
    "license":{
      "name":"Apache 2.0",
      "url":"http://www.apache.org/licenses/LICENSE-2.0.html"
    }
  },
  "host":"betaapi.myDomain.com",
  "basePath":"/",
  "tags":[
    {
      "name":"Account",
      "description":"First try at adding LA-API Swagger paths",
      "externalDocs":{
        "description":"Find out more",
        "url":"http://swagger.io"
      }
    }
  ],
  "schemes":[
    "http"
  ],
  "securityDefinitions":{
    "la-api_auth":{
      "type":"oauth2",
      "tokenUrl":"http://betaauthorize.myDomain.com/access_token",
      "flow":"password",
      "scopes":{
        "write:la":"Lorem ipsum",
        "read:la":"Dolor sit amet"
      }
    },
    "api_key":{
      "type":"apiKey",
      "name":"Authorization",
      "in":"header"
    }
  },
  "paths":{
    "/api/account/{account_id}":{
      "get":{
        "tags":[
          "Account"
        ],
        "summary":"Account - View",
        "description":"Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
        "operationId":"AccountView",
        "produces":[
          "application/json"
        ],
        "parameters":[
          {
            "name":"account_id",
            "in":"path",
            "description":"ID of Account to return",
            "required":true,
            "type":"integer",
            "format":"int64"
          }
        ],
        "security":[
          {
            "la-api_auth":[
              "write:la",
              "read:la"
            ]
          }
        ],
        "responses":{
          "200":{
            "description":"successful operation"
          },
          "400":{
            "description":"Invalid Account ID supplied"
          },
          "401":{
            "description":"Authorization token is required and has failed or has not yet been provided"
          },
          "404":{
            "description":"Account ID not found"
          }
        }
      }
    }
  },
  "definitions":{
    "Account":{
      "type":"object",
      "properties":{
        "sms_id":{
          "type":"integer",
          "format":"int64",
          "example":"370"
        },
        "address1":{
          "type":"string",
          "example":"123%"
        },
        "city":{
          "type":"string",
          "example":"Test%"
        },
        "state_id":{
          "type":"string",
          "example":"TN"
        }
      }
    },
    "ApiResponse":{
      "type":"object",
      "properties":{
        "code":{
          "type":"integer",
          "format":"int32"
        },
        "type":{
          "type":"string"
        },
        "message":{
          "type":"string"
        }
      }
    }
  },
  "externalDocs":{
    "description":"Find out more about Swagger",
    "url":"http://swagger.io"
  }
}
Any advice would be appreciated. Thanks.
Going by this resource: https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
OPTIONS requests should exclude user credentials, so the server should also not respond to them with a 401.
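To illustrate the answer above, here is an added example (not part of the original post) that evaluates a server's preflight reply the way a browser does before it sends the real GET with the Authorization header. The function name `checkPreflight`, the origin `http://localhost:8080` and both sample replies are constructed for illustration.

```javascript
// Added example (not from the original post). Sample responses are constructed.
// Evaluates a server's reply to a CORS preflight the way a browser would
// before it sends the real request carrying an Authorization header.

const splitList = (value) =>
  (value || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

function checkPreflight(response, request) {
  const problems = [];
  // Header names are case-insensitive, so normalise them once.
  const headers = {};
  for (const [name, value] of Object.entries(response.headers || {})) {
    headers[name.toLowerCase()] = String(value).trim();
  }

  // The preflight carries no credentials. A server that enforces auth on
  // OPTIONS answers 401 here and the browser never sends the real request.
  if (response.status < 200 || response.status > 299) {
    problems.push(`status ${response.status}: preflight needs a 2xx reply`);
  }

  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin !== '*' && allowOrigin !== request.origin) {
    problems.push('Access-Control-Allow-Origin does not cover ' + request.origin);
  }

  // Every header announced in Access-Control-Request-Headers must be allowed.
  // "*" does not cover Authorization, which has to be listed by name.
  const allowed = splitList(headers['access-control-allow-headers']);
  for (const name of request.headers.map((h) => h.toLowerCase())) {
    const viaWildcard = allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !viaWildcard) {
      problems.push('Access-Control-Allow-Headers does not list ' + name);
    }
  }
  return { allowed: problems.length === 0, problems };
}

// Constructed inputs: a local editor origin and two possible server replies.
const request = { origin: 'http://localhost:8080', headers: ['Authorization'] };
const rejecting = { status: 401, headers: {} };
const accepting = {
  status: 200,
  headers: {
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Headers': 'Authorization, Content-Type',
  },
};
console.log(checkPreflight(rejecting, request));
console.log(checkPreflight(accepting, request));
```

To use it against a real server, take the status and response headers of the OPTIONS entry in the browser's network tab and pass them in as `response`. curl never sends a preflight, which is why the same request succeeds from GitBash.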