Header parameter with the name 'Authorization' is ignored

Issue ID: v3-warning-parameter-header-authorization

Description

You have used a restricted value as the name of a header parameter. The values Accept, Content-Type, and Authorization are restricted values and should not be used as the header name. A header with any of these values as the header name is ignored.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition:

1name: Authorization
2in: header
3description: token to be passed as a header
4required: true
5schema:
6  type: array
7  items:
8    type: string
9    format: base64
10    additionalProperties: false
11style: simple
12

Remediation

Make sure that you do not use the restricted values as header parameter names.

Make sure that you have properly defined the security section of your OpenAPI definition and are not trying to use a header parameter to define what in fact should be conveyed in the actual Authorization header.


Copyright 42Crunch 2020