Header parameters have the same name

Description

Two or more header parameters have properties name that are considered equal.

While parameter names normally are case-sensitive, RFC 7230 states that HTTP header names are not. The OpenAPI Specification (OAS) does therefore not consider header parameters names as case-sensitive, so names like content-type and Content-Type are considered equal. You should not have equal header parameters in your OpenAPI definition.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition:

1parameters:
2  - name: Auth-Token
3    in: header
4    description: Auth-Token
5    required: true
6    type: string
7  - name: auth-token
8    in: header
9    description: Authorization token for user
10    required: true
11    type: string
12

Remediation

Make sure that all header parameters have unique name.

1parameters:
2  - name: Auth-Token
3    in: header
4    description: Auth-Token
5    required: true
6    type: string
7  - name: auth-token
8    in: header
9    description: Authorization token for user
10    required: true
11    type: string
12

Copyright 42Crunch 2021