Javascript error occurs when I set springdoc.swagger-ui.csrf.enabled=true  #872

Closed
@uzdik-student

Describe the bug
A JavaScript error occurs when I set springdoc.swagger-ui.csrf.enabled=true and try to send any request from swagger-ui.html:

TypeError: Cannot set property 'X-XSRF-TOKEN' of undefined at requestInterceptor (index.html?configUrl=/v3/api-docs/swagger-config:50)

So I debugged line 50 of index.html and found that the headers object is indeed undefined.

According to the swagger-ui documentation, doesn't the requestInterceptor function accept one argument, requestInterceptor(request), and shouldn't headers be set on this object rather than on the function itself?
For example:

window.onload = function() {
  const ui = SwaggerUIBundle({
    requestInterceptor: (request) => {
      // Prefix with "; " so the split only matches a cookie named exactly XSRF-TOKEN
      const value = `; ${document.cookie}`;
      const parts = value.split(`; XSRF-TOKEN=`);
      console.log(parts);
      if (parts.length === 2) {
        // `request` object has `headers` property
        request.headers['X-XSRF-TOKEN'] = parts.pop().split(';').shift();
      }
      return request;
    }
  });
};

To Reproduce
Steps to reproduce the behavior:

  • What version of spring-boot you are using - v2.3.4.RELEASE
  • What modules and versions of springdoc-openapi are you using?
dependencies {
	implementation 'org.springdoc:springdoc-openapi-ui:1.4.6'
}
  • Provide with a sample code (HelloController) or Test that reproduces the problem
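import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/tvshow")
public class TvshowController {

    @GetMapping
    String findAll() {
        return "test";
    }
}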
  • Spring Security Configuration
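import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // Store the CSRF token in a cookie that page JavaScript can read (not HttpOnly)
                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .and()
                .authorizeRequests().antMatchers("/").permitAll();
    }
}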

Additional context
I have tested on the following browsers; the error occurs on all of them:
Google Chrome Version 85.0.4183.102 (Official Build) (64-bit)
Safari Version 14.0 (15610.1.28.1.9, 15610)

Labels: bug

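An added example, not part of the original issue and not springdoc's own code: a requestInterceptor of the shape the issue proposes, which also tolerates a request that has no headers object and attaches the token only to same-origin requests. The factory function and its injected `getCookies` and `pageOrigin` parameters are assumptions made so the logic can run outside a browser; the cookie values and origins used with it are constructed.

```javascript
// Added example: function names and parameters here are illustrative assumptions.
const COOKIE_NAME = 'XSRF-TOKEN';   // cookie written by CookieCsrfTokenRepository
const HEADER_NAME = 'X-XSRF-TOKEN'; // header named in the reported TypeError

// Return the value of the cookie called exactly `name` from a
// document.cookie-style string, or null when it is absent.
function readCookie(cookieString, name) {
  for (const pair of (cookieString || '').split(';')) {
    const idx = pair.indexOf('=');
    if (idx === -1) continue;
    if (pair.slice(0, idx).trim() === name) {
      return pair.slice(idx + 1).trim();
    }
  }
  return null;
}

// Build a Swagger UI requestInterceptor. In a page, getCookies would be
// () => document.cookie and pageOrigin would be window.location.origin.
function makeCsrfInterceptor(getCookies, pageOrigin) {
  return function requestInterceptor(request) {
    const token = readCookie(getCookies(), COOKIE_NAME);
    if (!token) return request; // nothing to attach

    // Relative URLs resolve against the page; absolute URLs keep their own origin.
    let sameOrigin = false;
    try {
      sameOrigin = new URL(request.url, pageOrigin).origin === pageOrigin;
    } catch (e) {
      sameOrigin = false; // unparsable URL: do not attach the token
    }
    if (!sameOrigin) return request; // keep the token away from other origins

    // Guard against the failure mode in the issue: headers may be undefined.
    request.headers = request.headers || {};
    request.headers[HEADER_NAME] = token;
    return request;
  };
}
```

In a browser this would be passed as `requestInterceptor: makeCsrfInterceptor(() => document.cookie, window.location.origin)` in the `SwaggerUIBundle` options.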