When used on the operation level, consumes and produces override (not extend) the global definitions. In the following example, the GET /logo operation redefines the produces array to return an image:
A list of MIME types this operation can consume. This is overrides the global consumes definition at the root of the API Declaration. Each string value SHOULD represent a MIME type.
Hello! I have just found a bug in the way that
swagger-tools
validates request headers.Specifically, I have this API:
However, when I call this with
application/json
, Swagger Validator is not rejecting the request. This is because I also define a globalconsumes
:According to the Swagger 2.0 specification,
consumes
defined on an operation overwrites, and does not extend, theconsumes
:https://swagger.io/docs/specification/2-0/mime-types/
Swagger 1.2 also defines it this way: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/1.2.md
I believe that this is the code with the wrong behavior: https://github.com/apigee-127/swagger-tools/blob/0cea535b122265c6d01546e199e2e8fda4c0f5da/lib/validators.js#L217-L219
Because it unions the two sets of
consumes
instead of overwriting them.Unfortunately, changing this would be a breaking change to
swagger-tools
, so this fix would need to be performed as a new major version.