lnowak (https://github.com/swagger-api/swagger-ui/pull/1238) noted an issue where a file download triggered via the Content-Disposition header will result in a link to download the file, but the file will be corrupt. I am also seeing this issue in my environment.

The response headers: { "Cache-Control": "no-cache, no-store", "Content-Disposition": "attachment; filename="example.zip"", "Transfer-Encoding": "chunked", "Content-Type": "application/octet-stream" }

This is the download URL that it displays in the UI. If I download via this link, I get a corrupt file. If I use the link directly from the browser, I get a valid download. blob:http%3A//localhost%3A8090/9222e8a1-8628-476f-9341-372d68729d58

Hi All,

I started using swagger-ui to use with oauth2 access code flow with interactive facility( Try it out feature) I downloaded latest master version and copied 'dist' folder and run 'live-server' by mounting to dist folder.It loads my test.yaml file and "Authorize" also will be appeared(But it is showing unlock icon though). Refer unlock-icon.png

Anyway once i click Authorize button, it shows the popup and i can enter client id and secret too. Refer authorize-popup.png

Then once i click Authorize button with correct client id and secret it will open a new window and i can see the generated code with the redirect url. But problem is, it won't close that window and it remain in the same page. That new window url something like this http://localhost:3200/oauth2-redirect.html?code=fs-QFeYgj-bpXLjs8Fbak2pm2DwZZs0hc4QU0gKV&state=RnJpIEp1biAwMiAyMDE3IDExOjU4OjQ2IEdNVCsxMDAwIChBRVNUKQ%3D%3D

Can you just explain is this something on my code or defect? i spend more than 3 days to fix this issue with several tricks, but didn't success.

My security definitions on the yaml file looks like follow

securityDefinitions:
  OauthSecurity:
    type: oauth2
    flow: accessCode
    authorizationUrl: https://xxxxxx.xxxxx.xxxx/as/authorization.oauth2
    tokenUrl: https://yyyyy.yyyyy.yyyyy/as/token.oauth2
    grantType: authorization_code
    scopes:
      admin: Admin things

security:
 - OauthSecurity:
    - admin

Thank you very much for your help. Really looking forward for a quick reply :)

Using v2.2.10 of Swagger UI I'm not seeing examples at all. When I'm editing with swagger-editor I do see the example shown properly. I used this for my method definition:

  /person/{email}/create:
    post:
      summary: Create a new account
      tags:
        - Person
      parameters:
        _... chop ..._
      responses:
        201:
          description: The new SQL ident and sport details 
          examples:
            application/json: |
              [
                12,
                [
                  {
                    "sql_idnet" : 12,
                    "name" : "Basketball"
                  },
                  {
                    "sql_ident" : 13,
                    "name" : "Ice Hockey"
                  }
                ]
              ]
        412:
          description: The email address is already in use. 

Hi Team,

Iam unable to load the security definitions through swagger UI documentations.

Please let me know if i need to include any js file/ div classes.

Thanks, Rajesh

Response headers not being displayed for either 200 or other results, error sample below shows the issue.

In the sample below the ETag header is defined for the parameters and for the 200 and 405 responses, but it's only being show for the parameters.

{
    "swagger": "2.0",
    "info": {
        "version": "1.0.0",
        "title": "Test sample showing swagger error",
        "description": "Show that response headers are not rendered",
        "contact": {
            "name": "Troels Liebe Bentsen",
            "email": "[email protected]"
        }
    },
    "host": "localhost",
    "basePath": "/",
    "schemes": [
        "http"
    ],
    "consumes": [
        "application/json"
    ],
    "produces": [
        "application/json"
    ],
    "paths": {
        "/test": {
            "post": {
                "summary": "Test",
                "description": "Test stuff",
                "operationId": "doTest",
                "parameters": [
                    {
                        "in": "body",
                        "name": "body",
                        "required": true,
                        "schema": {
                            "type": "array",
                            "items": {
                                "$ref": "#/definitions/test"
                            }
                        }                       
                    },
                    {
                        "in": "header",
                        "name": "ETag",
                        "description": "Used as caching key for future requests",
                        "type": "string"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "Test stuff response",
                        "schema": {
                            "type": "array",
                            "items": {
                                "$ref": "#/definitions/test"
                            }
                        },
                        "headers": {
                            "ETag": {
                                "description": "Used as caching key for future requests",
                                "type": "string"
                            }
                        }
                    },
                    "405": {
                        "description": "Invalid input",
                        "headers": {
                            "ETag": {
                                "description": "Used as caching key for future requests",
                                "type": "string"
                            }
                        }
                    }
                },
                "tags": ["test"]
            }
        }
    },
    "definitions": {
        "test": {
            "required": [
                "test1"
            ],
            "properties": {
                "test1": {
                    "type": "string"
                }
            }
        }
    }
}

Hi all,

I´m experimenting with swagger and swagger-ui with my REST API (Jersey). I have an operation named "addUser" (POST) that receives two parameters "id" and "name". When I try to test this operation via swagger-ui-1.1.1 I set values in their inputs (id and name) but when I send it to the server there´s not parameters in the request. It seems they are not being sent to the server. I have another three operations in my API (GET, PUT and DELETE) and works fine. I hope you can help me.

Thanks and regards

Feature proposal: JSON Body Editor

Previous history

This PR is a continuation of https://github.com/swagger-api/swagger-ui/pull/1088 You will find earlier informations/comments there about the history of this PR.

Related work

This is a proposal to add a JSON editor for body requests in swagger UI.

This work is based on another open source project called Json-editor by Jeremy Dorn.

You will be able to find a demo of Jeremy's editor here to give you an idea of the great potential of this editor.

Configuration

The editor can be enabled/disabled using the swagger configuration key jsonEditor :

      window.swaggerUi = new SwaggerUi({
        jsonEditor:true
      });

The option is currently enabled by default (just because it is more practical for e2e tests).

Visual preview

This is how it looks like at the moment in a post request:

Online preview

You can try the UI with the editor here: http://thomsonreuters.github.io/swagger-ui/ you will need to have CORS enabled on your endpoint

Backward compatibility

According to the way swagger now works, Specs 1.2 are now automaticaly converted to 2.0.

So it should work with 1.2 as well but I haven't not tested it yet.

Current state of the implementation

Please let me know how I could improve both the internal design (code, unit tests, configuration) and external design (css, user experience).

External dependencies

The following PR have been created on JSONEditor to implement this feature https://github.com/jdorn/json-editor/pull/461 (closed) https://github.com/jdorn/json-editor/pull/456 (open, need some rework) https://github.com/jdorn/json-editor/pull/512 (merged)

So at the moment this PR is using a custom JSONEditor version until both remaining PR will be accepted.

Tests

Tested on http://petstore.swagger.io/v2/swagger.json https://raw.githubusercontent.com/jabr9983/swagger.json/master/swagger.json

Not tested yet http://ringcentral.github.io/api-explorer-beta/swagger-ring.json https://api.swaggerhub.com/apis/fehguy/ringcentral-api/1.0

How to specify the swagger documentation annotation for generating model schema for Map attribute in a Java bean?

//groovy code
class Foo {
  int id
  String description
  Map<String, Bar> targets
  //few other attributes
}

For targets attribute, swaggerui shows 1 line but does not give the model schema for Bar class.

targets (Map[string,Bar])

How do I get Bar class Model schema as well in UI? Am using latest swagger library ('com.wordnik:swagger-jersey-jaxrs_2.10:1.3.8')

Hi. I'm trying to use the oauth2 feature with password flow from swagger 2.0 spec. I dont' know if I'm doing thing wrong or if there some missing stuff, but let me explain. This is my spec:

swagger: '2.0'

info:
  title: BakPak API
  description: BakPak server API
  version: '1.0.0'

host: localhost:5000
basePath: /api/v1

schemes:
  - http
  - https

consumes:
  - application/json

produces:
  - application/json

securityDefinitions:
  basicPassword:
    type: oauth2
    flow: password
    tokenUrl: http://localhost:5000/api/v1/token
    scopes:
      s1: Scope 1
      s2: Scope 2

paths:
  /token:
    get:
      tags:
        - auth
      summary: Get an authentication token
      description: Get an authentication token
      operationId: GetToken
      responses:
        '200':
          description: ""
        default:
          description: Operation failed.
  /test:
    get:
      summary: Test endpoint
      description: Test endpoint
      responses:
        '200':
          description: ""
        default:
          description: Operation failed.
      security:
        - basicPassword:
          - s1
          - s2  
  /user:
    post:
      tags:
        - user
      summary: Add a user
      description: Add a user
      operationId: AddUser
      parameters:
        - name: body
          in: body
          description: Type can be `bp`, `facebook` or `google`.
          schema:
            $ref: '#/definitions/Credentials'
      responses:
        '200':
          description: ""
        default:
          description: Operation failed.

definitions:
  Credentials:
    properties:
      type:
        type: string
      username:
        type: string
      password:
        type: string
      token:
        type: string

I have a /test endpoint just to test oauth2. I remove the comment in index.html to enable oauth2 flow:

            initOAuth({
              clientId: "your-client-id",
              realm: "your-realms",
              appName: "your-app-name"
            });

When I click on the "on/off" button to authorize, a new windows browser is opened with the following url http://localhost:5000/swagger-ui/null&redirect_uri=http://localhost:5000/swagger-ui/o2c.html&realm=your-realms&client_id=your-client-id&scope=s1,s2.

Note the null in the url. It is normal? I'm not super familiar with every aspect of oauth, but I was expecting a popup for username/password and somehow receiving at some endpoint a POST with a application/x-www-form-urlencoded in the request body like this: grant_type=password&username=johndoe&password=A3ddj3w

reference: http://tools.ietf.org/html/rfc6749#section-4.3.2

If the schemes parameter is configured (and not empty) for an API, Swagger UI picks the first [1] [2] scheme value up for API requests. For example:

{
    "swagger": "2.0",
    "schemes": [
        "http",
        "https"
    ]
}

As a consequence, all requests will be made over HTTP.

This cause "mixed content issues" when Swagger UI is served/hosted via HTTPS and yet makes regular HTTP requests, as explained above.

[1] https://github.com/swagger-api/swagger-js/blob/master/lib/client.js#L274 [2] https://github.com/swagger-api/swagger-js/blob/master/lib/client.js#L290

I've been pulling my hair out on this, not sure if I'm doing something wrong? I have been unable to get a swagger-ui request to include ANY type of header. My Grape API uses an API token in the header for auth, and no matter what I do I cannot get it to show up in anything. I've tried all of the api-key example code, so I must be doing SOMETHING wrong.

However, upon closer inspection, even the demo petstore app does not contain an api header in the request headers.

I'm using the readme/sample code verbatim right now -

function addApiKeyAuthorization(){
        var key = encodeURIComponent($('#input_apiKey')[0].value);
        if(key && key.trim() != "") {
            var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("api_key", key, "query");
            window.swaggerUi.api.clientAuthorizations.add("api_key", apiKeyAuth);
            log("added key " + key);
        }
      }

How can I get a request header of "api_key: value" to show up in request headers?

I am facing the same issue as another user has described in: https://stackoverflow.com/questions/74330421/dont-pre-populate-examples-in-swagger-ui-try-it-out-feature

As in my opinion the issue is described very well in the provided article and I want to avoid duplication, I hope you do accept me not adhering to the bug report template.

Hello, I am using swagger version 4.12.0. OpenAPI Spec 2.0. I have an API POST call where I am sending a formData file type OPTIONAL param in the request. But when using the swagger ui, for the case where I do not select any file for this optional param field. I receive this error: "[java.lang.ArrayIndexOutOfBoundsException: Array index out of range: -8190". The request works when I select a file for the request. It seems to fail before it even reaches my backend code.

I was able to reproduce what I think is the same error on the swagger sample editor: Steps to reproduce:

1. Open https://editor.swagger.io/
2. Click Edit > Choose Load Petstore OAS 2.0
3. On the right panel, try out POST /pet (Change first property id: from 0 to 100 , leave other fields as is) hit enter
4. Go to post /pet/{petId}/uploadImage Try it out, set petId to 100, leave other formData fields empty. Hit enter
5. See response: "message": "org.jvnet.mimepull.MIMEParsingException: Missing start boundary"
6. On left side code panel, ctrl + F “/pet/{petId}/uploadImage:” the formData fields are both required: false.

This is actually a regression, as before I updated to version 4.12.0, this same API used to work without any errors. I guess at some version level, some additional checking was added to the params where this issue was introduced.

It looks like this fail might be because even though I do not add this optional formData field, the CURL request swagger UI sends still includes this header -> -H 'Content-Type: multipart/form-data'. When I try the curl command myself I see the same error, but if I remove this multipart/form-data contentType header field from the Curl request. It then succeeds.

Thanks a lot for taking the time to look at this, hope this could be resolved..

	"/myAPI":{
      "post":{
        "summary":"mySummary",
        "description":"myDescription",
        "operationId":"myAPIId",
        "x-display-name":"My API",
        "tags":[
          "My API"
        ],
        "produces":[
          "application/json"
        ],
        "parameters":[
          {
            "name":"name",
            "in":"query",
            "description":"name field",
            "required":true,
            "type":"string" 
          },       
          {
            "name":"file",
            "in":"formData",
            "description":"Upload file",
            "required":false,
            "type":"file" 
          }
        ],

Q&A (please complete the following information)

• OS: macOS and Windows
• Browser: chrome
• Version: 108.0.5359.98(Chrome Version)
• Method of installation: npm
• Swagger-UI version: latest (v4.15.5)
• Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

I enter a value in the cookie parameter and execute it, but it is not set in the Request Header.

Example Swagger/OpenAPI definition:

{
    "openapi": "3.0.1",
    "servers": [
        {
            "url": "http://localhost:3200",
            "description": "Generated server url"
        }
    ],
    "paths": {
        "/cookie": {
            "get": {
                "tags": [
                    "cookie-controller"
                ],
                "operationId": "index_6",
                "parameters": [
                    {
                        "name": "aa",
                        "in": "query",
                        "required": false,
                        "schema": {
                            "type": "string"
                        }
                    },
                    {
                        "name": "test",
                        "in": "cookie",
                        "required": false,
                        "schema": {
                            "type": "string"
                        }
                    }
                ],
                "responses": {
                    "404": {
                        "description": "example response"
                    },
                    "200": {
                        "description": "example response",
                        "content": {
                            "*/*": {
                                "schema": {
                                    "type": "string"
                                }
                            }
                        }
                    }
                }
            }
        },
    }
}

Swagger-UI configuration options:

SwaggerUI({
  // your config options here
})

Default value not specified.

Describe the bug you're encountering

I enter a value in the cookie parameter and execute it, but it is not set in the Request Header.

To reproduce...

Same as above.

Expected behavior

I want the value to be set in the cookie in the Request header.

Screenshots

Same as above

In swagger openapi v2 UI we could use the API right away - open the route and execute. In this version there is one more click which you have to do all the time. So now we have to do three clicks to execute a route function:

1. Expand the route
2. Click Try it out
3. Click Execute

I'd understand this change if you'd expand all routes by default, but then you don't allow to enter the parameters when "try it out" is not enabled. But you still display those parameters, then why not hide them and not disable them? This brings frustration.

What is the reasoning behind this UI that's harder to use? I understand that sometimes you want to browse but then you'd probably want to disable the interaction altogether for the whole swagger UI and not have it under a button under each route. So you could move this button to the top of the page for all routes. So one "try it out" click for all of them would probably be better here.

And now we have this weird compromise where we can't click Execute for specific routes immediately but we can't disable specific routes too. If you wanted this configurability then you should've added it and not added a button that guards against something that can't be configured.

Again - I'm not sure what was the original idea but the result is not something useful. I think if you want to enable editing then you should at least move this button to the top of the UI because there is no difference if I press it at the top or for each route separately. And on top of that if you collapse and expand a route group then the Try it Out button becomes disabled. This is not good.

Content & configuration

An AI tool to generate testdata for a given endpoint, based on a configured database.

Attaching a database (e.g. mysql / mariadb) to a AI-Model and the Codebase enabling swagger to fetch testdata for a given endpoint.

If this is in scope for swagger, it would be a great addition to automate and simplify project texting

The API is deployed without any Security Scheme provided in the swagger.json, however, the API is accessed over reverse proxy with Basic Username/password Authentication. Since the security scheme is not provided, the swagger UI won't display the "Authorize" button. Is there any way to enable/show "Authorize" button without Security Scheme or provide such proxy configuration in Swagger spec itself?