Make `csrf=True` add `X-CSRFToken` header parameters to OpenAPI spec

[jlost]

Adding csrf=True does not currently add X-CSRFToken header parameters to the OpenAPI spec, but I think it should.

Ex:

api = NinjaAPI(auth=django_auth, csrf=True)

...

paths:
  /ping:
    get:
      summary: Checks if the server is alive
      parameters:
        - in: header
          name: X-CSRFToken
          schema:
            type: string
          required: false

[jlost]

This causes all other parameters to be overwritten:

router = Router()
post = partial(
    router.post,
    openapi_extra={
        "parameters": [
            {"in": "header", "name": "X-CSRFToken", "schema": {"type": "string"}, "required": True}
        ]
    },
)

I would expect them to be merged in, as it's named openapi_extra, not openapi_override
Maybe I'm missing something.

[jlost]

x_csrftoken: str = Header(alias="X-CSRFToken", required=True)

This seems to get the job done, but I have to repeat it in many functions.
I also don't see Header mentioned in the documentation.

[OscarVanL]

This causes all other parameters to be overwritten
I would expect them to be merged in, as it's named openapi_extra, not openapi_override

There is now a separate issue to track this: #1505

This seems to get the job done, but I have to repeat it in many functions.

I also encountered this same use-case and frustration and opened this feature request: #1515

[OscarVanL]

@jlost It could be worth retrying your workaround from here with Ninja v1.5.0. My fix in #1517 has been released now.