swagger-api/swagger-ui

net::ERR_CONNECTION_CLOSED when Bearer token over 5260 characters.

Open

#5.931 aberto em 24 de mar. de 2020

Ver no GitHub
 (8 comments) (0 reactions) (0 assignees)JavaScript (8.801 forks)batch import
Hacktoberfestcat: authtype: bug

Métricas do repositório

Stars
 (25.447 stars)
Métricas de merge de PR
 (Mesclagem média 20h 34m) (14 fundiu PRs em 30d)

Description

Hi Team,

I'm using version 3.25. I get a strange issue for one of the users (unfortunately tester). When the user tries to execute API gets the result:

CODE: undocumented; Details: TypeError: Failed to fetch On console, we get: net::ERR_CONNECTION_CLOSED

We are using Bearer Token authorization. The only difference between working user cases and fail is the token. A user on with it fails have many roles stored in the token and the length of the header token is over 5260 chars.

Way to reproduce:

  1. Create API with Header Bearer Token authorization.
  2. Call API by setting token over 5260 chars length.

There is no issue when the user calls endpoint through curl command or postman.

Example API:

{
  "openapi": "3.0.1",
  "info": {
    "title": "Warehouse API",
    "version": "v1"
  },
  "paths": {
    "/api/test": {
      "get": {
        "tags": [
          "test"
        ],
        "parameters": [ ],
		"responses": {
			"200": {
				"description": "Success"
			}
		}
      },  
	},
  },
  "components": {
	"schemas": {},
    "securitySchemes": {
      "TST-Bearer": {
        "type": "apiKey",
        "description": "JWT Authorization header using the Bearer scheme. Example: \"TST-Authorization: Bearer {token}\"",
        "name": "TST-Authorization",
        "in": "header"
      }
    }
  },
  "security": [
    {
      "TST-Bearer": [
        "readAccess",
        "writeAccess"
      ]
    }
  ]
}

Guia do colaborador