Has anyone ever tried to restrict access to the swagger-ui, e.g. using Basic Auth?


yep you need to add a middleware to the swagger route that checks for the presence of the header


Great, I tried this without success so far 😄 did you use buddy? @U3QUAHZJ6


no buddy experience but: the middleware needs to check if there is an Authorization: Basic .... header. If the header is there, decode it and check its contents; if it's not, then return 401 with the WWW-Authenticate: Basic realm="User Realm" and the browser will ask for the credentials


attach that middleware to the swagger html endpoint or the json endpoint (I don't remember which one I've used)


I'm having a hard time understanding why this request gets parsed correctly. In this first example everything is parsed as expected:

clj => (do (prn (:headers request)) (prn (-> request :parameters :body)))
{"user-agent" "Restler/0.17.6 (android)",
 "host" "",
 "accept-encoding" "gzip, deflate, br",
 "content-length" "18",
 "content-type" "application/json"}
{:employees [1]}
but here it fails
{"te" "gzip, deflate; q=0.5",
 "Dalvik/2.1.0 (Linux; U; Android 9; SM-A530F Build/PPR1.180610.011)",
 "connection" "keep-alive",
 "host" "",
 "accept-encoding" "gzip",
 "content-length" "86",
 "content-type" "application/json"}


both have the correct content type, why is only one being parsed?