swagger-api/swagger-ui

net::ERR_CONNECTION_CLOSED when Bearer token over 5260 characters.

Open

#5,931 opened on Mar 24, 2020

View on GitHub
 (8 comments) (0 reactions) (0 assignees)JavaScript (8,801 forks)batch import
Hacktoberfestcat: authtype: bug

Repository metrics

Stars
 (25,447 stars)
PR merge metrics
 (Avg merge 20h 34m) (14 merged PRs in 30d)

Description

Hi Team,

I'm using version 3.25. I get a strange issue for one of the users (unfortunately tester). When the user tries to execute API gets the result:

CODE: undocumented; Details: TypeError: Failed to fetch On console, we get: net::ERR_CONNECTION_CLOSED

We are using Bearer Token authorization. The only difference between working user cases and fail is the token. A user on with it fails have many roles stored in the token and the length of the header token is over 5260 chars.

Way to reproduce:

  1. Create API with Header Bearer Token authorization.
  2. Call API by setting token over 5260 chars length.

There is no issue when the user calls endpoint through curl command or postman.

Example API:

{
  "openapi": "3.0.1",
  "info": {
    "title": "Warehouse API",
    "version": "v1"
  },
  "paths": {
    "/api/test": {
      "get": {
        "tags": [
          "test"
        ],
        "parameters": [ ],
		"responses": {
			"200": {
				"description": "Success"
			}
		}
      },  
	},
  },
  "components": {
	"schemas": {},
    "securitySchemes": {
      "TST-Bearer": {
        "type": "apiKey",
        "description": "JWT Authorization header using the Bearer scheme. Example: \"TST-Authorization: Bearer {token}\"",
        "name": "TST-Authorization",
        "in": "header"
      }
    }
  },
  "security": [
    {
      "TST-Bearer": [
        "readAccess",
        "writeAccess"
      ]
    }
  ]
}

Contributor guide