Empty security list doesn't override top-level security declaration #280

Closed
@akurtz-penguin

https://github.com/p1c2u/openapi-core/blob/master/openapi_core/validation/request/validators.py#L90

    def _get_security(self, request, operation):
        security = operation.security or self.spec.security
        if not security:
            return {}

operation.security is [] if it's not set, and [] if it's set with security: [], so self.spec.security will always be used.

Workaround is to use an array with an empty security requirement.

    security:
      - {}
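
Added example, not part of the original issue or of openapi-core's own code: a minimal model of the `or` fallback quoted above, next to a resolver that tells an absent `security` key apart from an explicit `security: []`. The spec fragment, the operation names and `resolve_fixed` are hypothetical; operations are modelled as raw dicts parsed from the spec.

```python
# Constructed sample: the top-level declaration requires an API key.
SPEC_SECURITY = [{"ApiKeyAuth": []}]

# Constructed operations, as raw dicts parsed from the spec document.
OPERATIONS = {
    "inherits": {"responses": {}},                         # no `security` key
    "explicit_empty": {"security": [], "responses": {}},   # `security: []`
    "workaround": {"security": [{}], "responses": {}},     # `security: [{}]`
}


def resolve_buggy(operation, spec_security):
    """Model of the issue: a missing key is loaded as [], then `or` falls back."""
    op_security = operation.get("security", [])
    return op_security or spec_security


def resolve_fixed(operation, spec_security):
    """Hypothetical fix: fall back only when the key is absent from the operation."""
    if "security" in operation:
        return operation["security"]
    return spec_security


def requires_credentials(requirements):
    """False for an empty list or when any alternative is the empty requirement {}."""
    return bool(requirements) and all(requirements)


def compare(operations=OPERATIONS, spec_security=SPEC_SECURITY):
    """Return {name: (buggy_requires_auth, fixed_requires_auth)} per operation."""
    return {
        name: (
            requires_credentials(resolve_buggy(op, spec_security)),
            requires_credentials(resolve_fixed(op, spec_security)),
        )
        for name, op in operations.items()
    }


if __name__ == "__main__":
    for name, (buggy, fixed) in compare().items():
        print(f"{name:15} buggy requires auth={buggy!s:5} fixed requires auth={fixed}")
```

In this model the fallback errs on the restrictive side: an operation declared with `security: []` still inherits the top-level requirement, while the `- {}` workaround resolves the same way under both resolvers.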
