Forum Discussion

mootari's avatar
mootari
New Contributor
7 years ago

Cannot set Origin header in SwaggerHub proxy

Hi,   I'm currently documenting an internal API that requires the Origin header to be set to a specific domain (that is different from the server domain). I've added the header through a paramete...
mootari's avatar
mootari
New Contributor
7 years ago

Here's an API spec to demonstrate that the origin header gets dropped by SwaggerHub:

openapi: 3.0.0
servers:
  - url: 'https://postman-echo.com'
  - url: 'https://httpbin.org'
info:
  version: "1.0.0"
  title: Test origin header
paths:
  /headers:
    get:
      parameters:
        - in: header
          name: x-foo
          required: true
          schema:
            type: string
            default: bar
        - in: header
          name: origin
          required: true
          schema:
            type: string
            default: 'https://example.com'
      responses:
        '200':
          description: ''
          content:
            application/json: {}

Generated curl command:

curl -X GET "https://httpbin.org/headers" -H "accept: application/json" -H "x-foo: bar" -H "origin: https://example.com"

Response body that shows the x-foo header but not the origin header:

{
  "headers": {
    "Accept": "application/json",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7",
    "Dnt": "1",
    "Host": "httpbin.org",
    "Referer": "https://app.swaggerhub.com/apis/mootari/mirror-headers/1.0.0",
    "User-Agent": "Amazon CloudFront",
    "X-Amz-Cf-Id": "77dNXVYnt2T_oYTfhBsoX6ykMjiLilapxBRTIfhB4pLoX-QhXPT7nw==",
    "X-Amzn-Trace-Id": "Root=1-5cf3918a-2b6a4662bada8d886b17577c",
    "X-Foo": "bar",
    "X-Swaggerhub-Cookie": ""
  }
}
  • mootari's avatar
    mootari
    New Contributor
    7 years ago
    HKosova wrote:

    Hi Fabian,

     

    Could you please open a support ticket so that the team can investigate this further?

    https://support.smartbear.com/message/?prod=SwaggerHub

     

    Thanks

    Respectfully, there has to be a better way. I already have a swaggerhub and smartbear community account (both logged in), and still I'm being asked to provide my personal information yet again?

     

    I'm currently not blocked by this issue as I'm using a self-hosted proxy as a workaround, and I don't see how I could provide any more information than already exists in this topic (but happy to help if I can).