Forum Discussion

mootari's avatar
mootari
New Contributor
5 years ago

Cannot set Origin header in SwaggerHub proxy

Hi,

 

I'm currently documenting an internal API that requires the Origin header to be set to a specific domain (that is different from the server domain). I've added the header through a parameter, and the generated curl command correctly includes the corresponding -H argument. But:

  • When I run the query through the web UI with enabled SwaggerHub proxy, I get a 404 response.
  • When I run the generated curl command directly, I get a 200 response.
  • When i run the generated curl command without the origin header, I get a 404 response.

This leads me to believe that the SwaggerHub proxy overrides the origin header. Do you consider this a bug, or should i look for alternative solutions (like setting up my own proxy)?

 

Thanks,

Fabian

3 Replies

  • mootari's avatar
    mootari
    New Contributor

    Here's an API spec to demonstrate that the origin header gets dropped by SwaggerHub:

    openapi: 3.0.0
    servers:
      - url: 'https://postman-echo.com'
      - url: 'https://httpbin.org'
    info:
      version: "1.0.0"
      title: Test origin header
    paths:
      /headers:
        get:
          parameters:
            - in: header
              name: x-foo
              required: true
              schema:
                type: string
                default: bar
            - in: header
              name: origin
              required: true
              schema:
                type: string
                default: 'https://example.com'
          responses:
            '200':
              description: ''
              content:
                application/json: {}

    Generated curl command:

    curl -X GET "https://httpbin.org/headers" -H "accept: application/json" -H "x-foo: bar" -H "origin: https://example.com"

    Response body that shows the x-foo header but not the origin header:

    {
      "headers": {
        "Accept": "application/json",
        "Accept-Encoding": "gzip, deflate, br",
        "Accept-Language": "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7",
        "Dnt": "1",
        "Host": "httpbin.org",
        "Referer": "https://app.swaggerhub.com/apis/mootari/mirror-headers/1.0.0",
        "User-Agent": "Amazon CloudFront",
        "X-Amz-Cf-Id": "77dNXVYnt2T_oYTfhBsoX6ykMjiLilapxBRTIfhB4pLoX-QhXPT7nw==",
        "X-Amzn-Trace-Id": "Root=1-5cf3918a-2b6a4662bada8d886b17577c",
        "X-Foo": "bar",
        "X-Swaggerhub-Cookie": ""
      }
    }
      • mootari's avatar
        mootari
        New Contributor

        HKosova wrote:

        Hi Fabian,

         

        Could you please open a support ticket so that the team can investigate this further?

        https://support.smartbear.com/message/?prod=SwaggerHub

         

        Thanks


        Respectfully, there has to be a better way. I already have a swaggerhub and smartbear community account (both logged in), and still I'm being asked to provide my personal information yet again?

         

        I'm currently not blocked by this issue as I'm using a self-hosted proxy as a workaround, and I don't see how I could provide any more information than already exists in this topic (but happy to help if I can).