Exclude Authorization header from openapi specs. (#714)

In addition to the existing 2 headers, the Authorization header is also not allowed. Instead it is taken care of by the security schemes
knuckleswtf · Aug 21, 2023 · ce566d4 · ce566d4
1 parent 6a9d51b
commit ce566d4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Writing/OpenAPISpecWriter.php b/src/Writing/OpenAPISpecWriter.php
@@ -177,7 +177,7 @@ protected function generateEndpointParametersSpec(OutputEndpointData $endpoint):
 
         if (count($endpoint->headers)) {
             foreach ($endpoint->headers as $name => $value) {
-                if (in_array($name, ['Content-Type', 'content-type', 'Accept', 'accept']))
+                if (in_array(strtolower($name), ['content-type', 'accept', 'authorization']))
                     // These headers are not allowed in the spec.
                     // https://swagger.io/docs/specification/describing-parameters/#header-parameters
                     continue;