See https://github.com/swagger-api/swagger-ui/issues/2793#issuecomment-335332297.
From: <[email protected]> on behalf of Derek Piper <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Friday, November 3, 2017 at 09:23 To: Swagger <[email protected]> Subject: OpenAPI security option not being used for Swagger UI 'explore' I have a conformant (according to the editor) open api specification JSON, served from a URL. Authorization is via apiKey for the methods and that appears to work, the authorization header is able to be set and is sent along with the paths. However, even after doing the authorization and the Swagger-UI saying I'm 'logged in', it does not send that header when clicking 'Explore'. I need this because only once authorized do certain calls need to be made available. I don't want the whole lot exported without authentication. This is both for security and simplicity since we are able to fine-grain tune what users have access to what methods. No point in describing information for an API entry that they can't use. I checked out the openapi bundle yesterday from https://github.com/swagger-api/swagger-ui.git and I am running via nginx that is serving directly what is in the 'dist' directory with no modifications. I cannot find where to enable authorization header sending for the ui 'explore' operation. Any help would be greatly appreciated. -- You received this message because you are subscribed to the Google Groups "Swagger" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Swagger" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
