Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Response from Swagger "Try it out" is not the same as the one from the generated curl [duplicate]

Having documented my API, I filled the param of my request in the UI and clicked "Execute".

I was then given the corresponding curl and the response body.

For a reason I don't yet understand, I'm logged in but the response body is the one I would have expected were I logged out

But my real surprise is that when running the curl in my terminal I do receive the correct answer (the one received when logged in).

Here is the generated Curl :

curl -X GET "http://server/path" -H "accept: */*" -H "Cookie: PHPSESSID=uk30v14m2l788eehtkb9q1j260"
and the openapi specification 
openapi: '3.0.0'
paths:
  /add.php:
      tags:
        - information
      parameters:
        - in: "header"
          name: "Cookie"
          type: string
      responses:
        '200':
          description: successful operation
For context, I already had to add the "Access-Control-Allow-Origin:*" header to authorize queries from Swagger (before that I was given the "Failed to fetch error" described here)
Thanks for your help !
                Please post the curl command and the actual request sent by Swagger UI. To capture the Swagger UI request, open the dev tools (F12), open the Network tab, and execute the request. Then if you use Chrome, right-click the request (the actual request, not the OPTIONS request) and select "Copy as cURL (bash)". If you use Firefox, right-click the request, select "Edit and Resend", and post the screenshot here. (Alternatively, you could record the raw HTTP request using Fiddler or Charles Proxy or similar tools.)
– Helen
                Jul 26, 2018 at 10:18
                "But my real surprise is that when running the curl in my terminal I do receive the correct answer." - Correct being "logged out", or a response as if you were logged in?
– GolezTrol
                Jul 26, 2018 at 10:26
                Swagger Editor and Swagger UI currently do not support sending cookies in "try it out" requests - see this answer for details. That's why it didn't work in Swagger UI but worked with curl from command line.
– Helen
                Jul 26, 2018 at 13:16
I found the answer (thanks @Helen for your tip !)
I checked the curl send by swagger in my browser developer tools and the cookie param was not there. I thought it would be handled like the others but it must be declared differently. 
After checking the documentation I found that cookies param must be declared "in : cookie" instead of "in : header" (link). (which works, but there is a warning by the swagger editor which don't recognize it as a valid option)
Moreover this cookie being used for authentication purpose I used the dedicated securityScheme (link)
Here is the valid openapi specification
openapi: '3.0.0'
components:
  securitySchemes:
    PHP_session:
      type: apiKey
      in: cookie
      name: PHPSESSID
paths:
  /add.php:
      tags:
        - information
      security:
        - PHP_session: []
      responses:
        '200':
          description: successful operation
edit : Well, I learned a lot and the specification is now valid but indeed it still doesn't work (the response being hard to interpret I had some false hope there ^^'). But I guess it will do until swagger-ui support cookies.
edit : as specified in the answer of the related question (link), it works (for real this time) in SwaggerHub
                Not sure what you mean by "works like a charm" since Swagger UI currently does not support sending cookies in "try it out" requests.
– Helen
                Jul 26, 2018 at 13:17
                @Helen Well yes ^^' I wanted to edit when I saw I had falsely thought it had worked (the response is massive and I missed the relevant info) but you were quicker than me.
– Emarco
                Jul 26, 2018 at 13:24