Add cookie support

[mohsen1]

AJAX calls will sen document cookies. This is an interface for updating
document cookies.

[fehguy]

@mohsen1 I thought that cookie values would be passed in the parameters section. Is that not possible?

[mohsen1]

That's the limit of XHR. You should set withCredentials to true but that's all the control you have

https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest

[fehguy]

My question isn't about the technical implementation, rather the UI. I would suggest that the UI not change, and swagger-js handles setting the document.cookies internally. You should simply render the UI fields for cookie support as normal input boxes.

[mohsen1]

Two questions:

• Should we render a cookie input field for every operation?
• What is the api in SwaggerJS for updating the cookie?

[fehguy]

1. no, we should use "in": "cookie" to decide if we should render an input box for cookie support (i'm not sure if it's in the spec, but we should support it anyway). Most people will simply be using swagger.authorizations to set cookies, with the enhancement in authorizations should support cookies swagger-js#282

2. swagger.authorizations will set cookies at the global level, and sending the values like any other operation (query, path, header, etc) should set the cookies. So no special API. Treat it like any other input.

[webron]

"in": "cookie" is indeed not in the spec. whether we support it or not is up to you.

[mohsen1]

If in: cookie is not supported in 2.0 specs, shouldn't we move this and related issues to Future?

[cemo]

It would be awesome to support Cookie. We are using cookie for our services and having support in the first place would be great. Please add cookie support. :(

[hongxingli]

second cemo, we need cookie support badly since we use session in cookie

[hongxingli]

hi Mohsen,
I got the latest code from develop_2.0 branch, but after I launch the UI, I did not see the cookie option, what else do I need to do?
Thanks,
Hongxing

[earth2marsh]

Agree that if in: cookie is not in the spec, that we should push this to future when it is there.

Whether that should be in the spec is a different question, and an issue should be opened on the swagger-spec project.

While I appreciate that there may be many services today that use cookies, I see a number of disadvantages to using cookies with APIs. I'll try to avoid hijacking this thread more than I already have, but I'm interested in understanding the use cases for cookie-based APIs (will join spec issue discussion).

[webron]

@earth2marsh - for your viewing pleasure (well, and participation of course) :)
OAI/OpenAPI-Specification#161
OAI/OpenAPI-Specification#15