Treatment of x-requested-with header

elakito · ‎03-27-2019

I have an existing REST service and a hosting server that requires the x-requested-with header to accept requests. And I need to define the swagger document for this service.

I don't want to include this x-requested-with header in the application's description because it is not part of the application's API but rather of the hosting server. At the same time, I would like to make the swagger clients such as swagger-ui (e.g., when the swagger file is retrieved from the hosting server and opened in swagger-ui) be able to include this header when making requests.

Unfortunately, swagger-ui does not allow a non-declared header to be added to the requests. So, one approach would be to add a dummy apiKey security definition in the swagger file as in

    "securityDefinitions": {
...
        "XRequestedWith": {
            "type": "apiKey",
            "in": "header",
            "name": "x-requested-with"
        }
    },
    "securityRequirement": [
...
        {
            "XRequestedWith": []
        }
    ]

and activate this apiKey to force including this header. Would this be a recommended approach or are there better approaches?

Regards, aki

Treatment of x-requested-with header

Treatment of x-requested-with header

Separate path/tag API definitions for external APi

Java client code generated from anyOf using array ...

How to uncheck the "send empty value"

Swagger offers me wrong DTO models

Need help in generating swagger 3.0 specification