Forum Discussion

mootari's avatar
mootari
New Contributor
6 years ago

Cannot set Origin header in SwaggerHub proxy

Hi,

 

I'm currently documenting an internal API that requires the Origin header to be set to a specific domain (that is different from the server domain). I've added the header through a parameter, and the generated curl command correctly includes the corresponding -H argument. But:

  • When I run the query through the web UI with enabled SwaggerHub proxy, I get a 404 response.
  • When I run the generated curl command directly, I get a 200 response.
  • When i run the generated curl command without the origin header, I get a 404 response.

This leads me to believe that the SwaggerHub proxy overrides the origin header. Do you consider this a bug, or should i look for alternative solutions (like setting up my own proxy)?

 

Thanks,

Fabian

  • mootari's avatar
    mootari
    New Contributor
    6 years ago

    Here's an API spec to demonstrate that the origin header gets dropped by SwaggerHub:

    openapi: 3.0.0
servers:
  - url: 'https://postman-echo.com'
  - url: 'https://httpbin.org'
info:
  version: "1.0.0"
  title: Test origin header
paths:
  /headers:
    get:
      parameters:
        - in: header
          name: x-foo
          required: true
          schema:
            type: string
            default: bar
        - in: header
          name: origin
          required: true
          schema:
            type: string
            default: 'https://example.com'
      responses:
        '200':
          description: ''
          content:
            application/json: {}

    Generated curl command:

    curl -X GET "https://httpbin.org/headers" -H "accept: application/json" -H "x-foo: bar" -H "origin: https://example.com"

    Response body that shows the x-foo header but not the origin header:

    {
  "headers": {
    "Accept": "application/json",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7",
    "Dnt": "1",
    "Host": "httpbin.org",
    "Referer": "https://app.swaggerhub.com/apis/mootari/mirror-headers/1.0.0",
    "User-Agent": "Amazon CloudFront",
    "X-Amz-Cf-Id": "77dNXVYnt2T_oYTfhBsoX6ykMjiLilapxBRTIfhB4pLoX-QhXPT7nw==",
    "X-Amzn-Trace-Id": "Root=1-5cf3918a-2b6a4662bada8d886b17577c",
    "X-Foo": "bar",
    "X-Swaggerhub-Cookie": ""
  }
}
      • mootari's avatar
        mootari
        New Contributor
        6 years ago
        HKosova wrote:

        Hi Fabian,

         

        Could you please open a support ticket so that the team can investigate this further?

        https://support.smartbear.com/message/?prod=SwaggerHub

         

        Thanks

        Respectfully, there has to be a better way. I already have a swaggerhub and smartbear community account (both logged in), and still I'm being asked to provide my personal information yet again?

         

        I'm currently not blocked by this issue as I'm using a self-hosted proxy as a workaround, and I don't see how I could provide any more information than already exists in this topic (but happy to help if I can).