X-Ignition-API-Token is being sent lowercase from browsers

joey · August 18, 2025, 10:39pm

openapi-fetch and all other fetch variants are forcing the header key to be lowercase, but the server doesn’t appear to honor it unless it’s the exact case of X-Ignition-API-Token. Anyone else seeing this or have a workaround?

paul-griffith · August 18, 2025, 11:27pm

Case insensitive on my end:

❯ curl -H 'x-ignition-api-token: myToken:8qxc9om0cfgey5iCI0_GVHkOr_TF1_nQr2DPMrwKzEg' http://localhost:8088/data/api/v1/gateway-info      
{"name":"Ignition-DV-pgriffith-MBP","redundancyRole":"Independent","edition":"standard","hostname":"localhost","port":"8088","ignitionVersion":"(Dev Version)","deploymentMode":"","timeZone":"Pacific Standard Time","timeZoneId":"America/Los_Angeles","jvmVersion":"17.0.16","allowUnsignedModules":true,"license":{"mode":"Trial","validForVersion":0,"expirationDate":"Aug 18, 2025, 6:23:44 PM","licenseRestrictions":[]}}%                                                 
~ 
❯ curl -H 'X-Ignition-Api-Token: myToken:8qxc9om0cfgey5iCI0_GVHkOr_TF1_nQr2DPMrwKzEg' http://localhost:8088/data/api/v1/gateway-info      
{"name":"Ignition-DV-pgriffith-MBP","redundancyRole":"Independent","edition":"standard","hostname":"localhost","port":"8088","ignitionVersion":"(Dev Version)","deploymentMode":"","timeZone":"Pacific Standard Time","timeZoneId":"America/Los_Angeles","jvmVersion":"17.0.16","allowUnsignedModules":true,"license":{"mode":"Trial","validForVersion":0,"expirationDate":"Aug 18, 2025, 6:23:44 PM","licenseRestrictions":[]}}%

joey · August 19, 2025, 1:41pm

Thanks sir. Using beta3, and openapi-fetch it is fully ignored. I will keep researching. Related, have you been able to use any of the code generation tools with the openapi.json file? Autorest and openapi-generator-cli fail with many errors.

joey · August 19, 2025, 4:18pm

I think I am understanding the API to not support CORS. Is that true? Options requests even via CURL 404.

paul-griffith · August 19, 2025, 4:23pm

The API is no different than the rest of the gateway.
There's no support for setting arbitrary CORS headers (though it is something we want to add in some future release) but there are some configuration parameters you can set to manipulate some HTTP headers:

joey · August 19, 2025, 4:27pm

This makes sense then. I am trying to write a Tauri/React app and it uses browser based fetch which forces a proper CORS cycle. I will see what I can do to work around it.

paul-griffith · August 19, 2025, 4:37pm

When I run the "official" OpenAPI generator I do get some errors that prevent generating the schema (filed internally as bug IGN-13978; nothing there looks to be too hard to fix) but I can suppress those with a flag and get a valid client generated:
npx @openapitools/openapi-generator-cli generate -i openapi.json -g kotlin -o ./openapi --skip-validate-spec

YMMV - we're definitely not going to even attempt to validate against every possible client generator under the sun, but hopefully once we fix those easy errors most/all client generators should work.

joey · August 19, 2025, 4:42pm

Thanks again! The client gets generated with a few errors (~20 lines of code) that need to be manually fixed so I am working now. Thank you again!