fix(openapi): hide auth header when set in securityScheme #769

Merged
merged 1 commit into from
Dec 25, 2023

aheckmann
Contributor

Treat the http bearer auth security scheme the same as other security schemes by removing the authorization header.

Fixes #734

Checklist

  • run npm run test and npm run benchmark <== benchmark doesn't exist so skipped that one.
  • tests and/or benchmarks are included
  • documentation is changed or added <== N/A
  • commit message and code follows the Developer's Certification of Origin
    and the Code of conduct

Member

@mcollina mcollina left a comment

lgtm

Could the same issue show up with Swagger?

@aheckmann
Contributor Author

It's possible. I haven't been using it so didn't check it out.

@aheckmann
Contributor Author

@mcollina From what I could find, this lib already handles swagger properly b/c bearer auth does not have special handling in the spec - only OpenAPI 3 has the special bearer declaration where `in` is not specified.
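
Added example, not part of the original thread and not fastify-swagger's own code: a sketch of how a documentation generator can drop headers that the security schemes already describe, including the OpenAPI 3 `http` case, which has no `in` or `name` field. The function names and the sample schemas are hypothetical and constructed for illustration.

```javascript
// Hypothetical helpers; not fastify-swagger's API.

// Collect the lower-cased header names that the security schemes already
// describe, so they are not repeated as ordinary header parameters.
function headersCoveredBySecurity (securitySchemes = {}) {
  const covered = new Set()
  for (const scheme of Object.values(securitySchemes)) {
    if (scheme.type === 'apiKey' && scheme.in === 'header') {
      // apiKey schemes name their header explicitly.
      covered.add(String(scheme.name).toLowerCase())
    } else if (scheme.type === 'http') {
      // OpenAPI 3 http schemes (bearer, basic, ...) carry no `in`/`name`:
      // the credential travels in the Authorization header.
      covered.add('authorization')
    }
  }
  return covered
}

// Return a copy of a JSON-schema `headers` object without the covered headers.
function stripSecurityHeaders (headersSchema, securitySchemes) {
  const covered = headersCoveredBySecurity(securitySchemes)
  const properties = {}
  for (const [name, def] of Object.entries(headersSchema.properties || {})) {
    if (!covered.has(name.toLowerCase())) properties[name] = def
  }
  const required = (headersSchema.required || [])
    .filter((name) => !covered.has(name.toLowerCase()))
  const out = { ...headersSchema, properties }
  if (required.length) out.required = required
  else delete out.required
  return out
}

// Constructed sample input: one bearer scheme, one header apiKey scheme.
const securitySchemes = {
  bearerAuth: { type: 'http', scheme: 'bearer' },
  apiKeyAuth: { type: 'apiKey', in: 'header', name: 'X-API-Key' }
}
const routeHeaders = {
  type: 'object',
  required: ['authorization', 'x-request-id'],
  properties: {
    authorization: { type: 'string' },
    'x-api-key': { type: 'string' },
    'x-request-id': { type: 'string' }
  }
}
console.log(JSON.stringify(stripSecurityHeaders(routeHeaders, securitySchemes)))
```

Without the `http` branch, `authorization` would remain in `required` and be rendered as a mandatory parameter even though the security scheme already supplies it.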

Member

@mcollina mcollina left a comment

lgtm

@mcollina mcollina merged commit ca3a88e into fastify:master Dec 25, 2023
19 checks passed
@aheckmann aheckmann deleted the fix/authorization_header branch December 25, 2023 16:37
Successfully merging this pull request may close these issues.

Authorization header is required while being set