Forum Discussion

elakito's avatar
New Contributor
6 years ago

Treatment of x-requested-with header

I have an existing REST service and a hosting server that requires the x-requested-with header to accept requests. And I need to define the swagger document for this service.


I don't want to include this x-requested-with header in the application's description because it is not part of the application's API but rather of the hosting server. At the same time, I would like to make the swagger clients such as swagger-ui (e.g., when the swagger file is retrieved from the hosting server and opened in swagger-ui) be able to include this header when making requests.


Unfortunately, swagger-ui does not allow a non-declared header to be added to the requests. So, one approach would be to add a dummy apiKey security definition in the swagger file as in

    "securityDefinitions": {
... "XRequestedWith": { "type": "apiKey", "in": "header", "name": "x-requested-with" } }, "securityRequirement": [
... { "XRequestedWith": [] } ]

and activate this apiKey to force including this header. Would this be a recommended approach or are there better approaches?


Regards, aki

No RepliesBe the first to reply