-
Notifications
You must be signed in to change notification settings - Fork 9.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
should Cookie headers be ignored by 'parameters'? #2819
Comments
I think for the Header Object the "follows the structure of the Parameter Object" is sufficient, because the forbidden names are in the field definition. But we should say something about Cookie. I'm going with its behavior being undefined (for compatibility purposes - we can't make it illegal). |
I think it's possible to describe |
PR merged for 3.0.4 and ported to 3.1.1 via PR #3921! |
In https://spec.openapis.org/oas/v3.1.0#fixed-fields-9: "If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored." Should this also include "Cookie" and/or "Set-Cookie", since these are handled by the 'cookie' parameter type?
Similarly for the header object at https://spec.openapis.org/oas/v3.1.0#header-object (and I noticed that "Accept", "Content-Type" or "Authorization" are not excluded there, and probably should be).
The text was updated successfully, but these errors were encountered: