Forum Discussion

rrs-james's avatar
New Member
4 years ago

swagger security oauth2 authorisation code workflow request headers



I am new here but have been struggling with a problem on swagger.


I am getting a Fetch error when I try and authorise using oauth2 with authorisation code flow.


The problem is with CORS and because when using swagger the Origin header is not being set.


My question is fairly simple but I can not find the answer anywhere.


Where/how can I set the request headers for the authorise call in swagger ui?




James Hudson

1 Reply

  • saiyajin's avatar
    SmartBear Alumni (Retired)


    In your case I might suggest you 2 solutions:

    1. Use proxy mode. You can enable proxy settings in the bottom of your specification on SwaggerHub OpenAPI editor page. Here is an image for clarification.
    2. If you route the request via browser, then you should allow CORS requests in the configuration of your server. CORS uses special HTTP headers to allow cross-domain requests. The "try it out" feature requires the following headers in API responses:
    Vary: Origin

    Since you are sending request from SwaggerHub, the origin value is

    If you are expecting a request from any origin while using a wildcard in the response header, you should disable credentials on SwaggerHub OpenAPI editor page (check the bottom settings in the previous screenshot).

    Also, I would like to recommend you the this article on CORS to get into SwaggerHub.