You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
According to the docs, the first API operation has no security, because the default security is overridden by an empty array, while the second is protected by the default apiKey security, defined on the root level of the spec.
However, the swagger-parser ignores that empty array, leaving security=null for both operations and thus making it impossible to tell whether an API is secured by the default security or is explicitly configured to be unsecure.
Note: this problem only happens with Swagger 2.0 files, while Swagger 3.0 files are parsed fine.
Expected result:
security=[] for the first operation (get /api/not-secured), security=null for the second operation (get /api/secured)
Actual result:
security=null for both operations
Parsing result:
Swagger-parser version: 2.1.1
Sample spec:
Description:
According to the docs, the first API operation has no security, because the default security is overridden by an empty array, while the second is protected by the default apiKey security, defined on the root level of the spec.
However, the swagger-parser ignores that empty array, leaving
security=null
for both operations and thus making it impossible to tell whether an API is secured by the default security or is explicitly configured to be unsecure.Note: this problem only happens with Swagger 2.0 files, while Swagger 3.0 files are parsed fine.
Expected result:
security=[] for the first operation (get /api/not-secured), security=null for the second operation (get /api/secured)
Actual result:
security=null for both operations
Parsing result:
The text was updated successfully, but these errors were encountered: