swagger-ui: GET requests do not allow a body
Q&A (please complete the following information)
- OS: linux
- Browser: firefox
- Version: 67
- Method of installation: composer
- Swagger-UI version: 3.20.7
- Swagger/OpenAPI version: OpenAPI 3.0
Content & configuration
Example Swagger/OpenAPI definition:
```yaml
openapi: "3.0.0"
servers:
  - url: https://myproject.development
paths:
  /search-by-email:
    get:
      requestBody:
        description: get info by email address
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                  example: john.doe@gmail.com
```
Describe the bug you’re encountering
As far as I understand the HTTP specs, sending a body is also valid in a GET call. Because e-mail addresses are privacy-relevant, we don't like to have them in the URL (as a path part or query parameter).
This endpoint does not modify anything, so POST is not a correct method to do so.
About this issue
- State: closed
- Created 5 years ago
- Comments: 15 (1 by maintainers)
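An added example, not code from the issue or from the Swagger UI project: a client that builds its requests with the Fetch API cannot attach a body to a GET, because the `Request` constructor throws, so the address ends up either in the URL or in a POST body. The sketch reuses the server URL and sample address from the definition above and assumes a runtime with a global `Request` (current browsers, Node.js 18+); the function names are illustrative.

```javascript
// Constructed inputs, taken from the OpenAPI definition in the issue.
const BASE = "https://myproject.development/search-by-email";
const EMAIL = "john.doe@gmail.com";

// Build a Fetch API Request with the address either in a JSON body or in
// the query string. Returns the Request, or the error the constructor raised.
function buildRequest(method, { inBody }) {
  const url = new URL(BASE);
  const init = { method, headers: { "Content-Type": "application/json" } };
  if (inBody) {
    init.body = JSON.stringify({ email: EMAIL });
  } else {
    url.searchParams.set("email", EMAIL); // address becomes part of the URL
  }
  try {
    return { request: new Request(url, init), error: null };
  } catch (err) {
    return { request: null, error: err };
  }
}

// True when the address is visible in the request URL, which is the part
// that access logs, proxies and browser history typically record.
function emailInUrl(request) {
  return decodeURIComponent(request.url).includes(EMAIL);
}

// Compare the three options discussed in the thread.
function summarize() {
  const getBody = buildRequest("GET", { inBody: true });
  const getQuery = buildRequest("GET", { inBody: false });
  const postBody = buildRequest("POST", { inBody: true });
  return {
    // Fetch rejects GET/HEAD with a body before anything is sent.
    getBodyRejected: getBody.error !== null && getBody.error.name === "TypeError",
    getQueryExposesEmail: emailInUrl(getQuery.request),
    postBodyExposesEmail: emailInUrl(postBody.request),
  };
}

console.log(summarize());
```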
Has there been any follow up on this? OpenAPI did end up allowing a request body on GET requests. Should this be re-opened?
Apparently, if Swagger sticks to the OpenAPI standard, we should avoid using Swagger with Spring MVC, since Spring MVC allows GET requests with a body.
If Swagger does not allow this, we have to seek alternatives, either Swagger or Spring MVC. Given we already have so many applications running in production, it’s unlikely we replace the application framework, we have to replace Swagger.
@pavlus as far as I understand this, this means that a server does not need to implement this, not that the spec forbids it. So if the backend application is able to do it, it's OK to do so.
Yes, please reopen.
Indeed, see https://github.com/OAI/OpenAPI-Specification/pull/2117
IMHO this issue should be reopened to keep in line with the OpenAPI specs.
Using .NET Swashbuckle.AspNetCore.SwaggerUI 6.2.2 and have the same error. Please reopen.
@shockey thanks for the additional information, issue at this level is solved so far
https://tools.ietf.org/html/rfc7231#section-4.3.1 :