swagger-api/swagger-ui

net::ERR_CONNECTION_CLOSED when Bearer token over 5260 characters.

Open

#5931 aperta il 24 mar 2020

Vedi su GitHub
 (8 commenti) (0 reazioni) (0 assegnatari)JavaScript (8801 fork)batch import
Hacktoberfestcat: authtype: bug

Metriche repository

Star
 (25.447 star)
Metriche merge PR
 (Merge medio 20h 34m) (14 PR mergiate in 30 g)

Descrizione

Hi Team,

I'm using version 3.25. I get a strange issue for one of the users (unfortunately tester). When the user tries to execute API gets the result:

CODE: undocumented; Details: TypeError: Failed to fetch On console, we get: net::ERR_CONNECTION_CLOSED

We are using Bearer Token authorization. The only difference between working user cases and fail is the token. A user on with it fails have many roles stored in the token and the length of the header token is over 5260 chars.

Way to reproduce:

  1. Create API with Header Bearer Token authorization.
  2. Call API by setting token over 5260 chars length.

There is no issue when the user calls endpoint through curl command or postman.

Example API:

{
  "openapi": "3.0.1",
  "info": {
    "title": "Warehouse API",
    "version": "v1"
  },
  "paths": {
    "/api/test": {
      "get": {
        "tags": [
          "test"
        ],
        "parameters": [ ],
		"responses": {
			"200": {
				"description": "Success"
			}
		}
      },  
	},
  },
  "components": {
	"schemas": {},
    "securitySchemes": {
      "TST-Bearer": {
        "type": "apiKey",
        "description": "JWT Authorization header using the Bearer scheme. Example: \"TST-Authorization: Bearer {token}\"",
        "name": "TST-Authorization",
        "in": "header"
      }
    }
  },
  "security": [
    {
      "TST-Bearer": [
        "readAccess",
        "writeAccess"
      ]
    }
  ]
}

Guida contributor