Header parameter with the name 'Authorization' is ignored

Issue ID: v3-warning-parameter-header-authorization

Description

You have used a restricted value as the name of a header parameter. The values Accept, Content-Type, and Authorization are restricted values and should not be used as the header name. A header with any of these values as the header name is ignored.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition:

{
    "name": "Authorization",
    "in": "header",
    "description": "token to be passed as a header",
    "required": true,
    "schema": {
        "type": "array",
        "items": {
            "type": "string",
            "format": "base64",
            "additionalProperties": false
        }
    },
    "style": "simple"
}

Remediation

Make sure that you do not use the restricted values as header parameter names.

Make sure that you have properly defined the security section of your OpenAPI definition and are not trying to use a header parameter to define what in fact should be conveyed in the actual Authorization header.
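The following check is an added example, not part of the original page or of any audit tool's code. It scans an OpenAPI 3 definition for header parameters that use a restricted name and runs against two constructed definitions: one with the flagged pattern and one where the credential is moved into a security scheme. The scheme name bearerAuth, the /orders path, and the case-insensitive comparison (HTTP header names are case-insensitive) are assumptions of this example.

```python
import json

# Header parameter names that are ignored in an OpenAPI 3 definition.
RESTRICTED = {"accept", "content-type", "authorization"}
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def find_restricted_headers(spec):
    """Return (location, name) for every header parameter with a restricted name."""
    hits = []
    def check(params, where):
        for p in params or []:
            # Assumption: compare lowercased, as HTTP header names are case-insensitive.
            name = str(p.get("name", ""))
            if p.get("in") == "header" and name.lower() in RESTRICTED:
                hits.append((where, name))
    for path, item in spec.get("paths", {}).items():
        check(item.get("parameters"), path)              # path-level parameters
        for method, op in item.items():
            if method in HTTP_METHODS:
                check(op.get("parameters"), f"{method.upper()} {path}")
    for key, p in spec.get("components", {}).get("parameters", {}).items():
        check([p], f"components.parameters.{key}")       # reusable parameters
    return hits

# Constructed sample: the token is declared as a header parameter (flagged).
FLAGGED = json.loads("""
{"openapi": "3.0.3", "info": {"title": "demo", "version": "1"},
 "paths": {"/orders": {"get": {
   "parameters": [{"name": "Authorization", "in": "header", "required": true,
                   "schema": {"type": "string"}}],
   "responses": {"200": {"description": "ok"}}}}}}
""")

# Constructed sample: same operation, credential described by a security scheme.
FIXED = json.loads("""
{"openapi": "3.0.3", "info": {"title": "demo", "version": "1"},
 "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
 "paths": {"/orders": {"get": {
   "security": [{"bearerAuth": []}],
   "responses": {"200": {"description": "ok"}}}}}}
""")

if __name__ == "__main__":
    print(find_restricted_headers(FLAGGED))
    print(find_restricted_headers(FIXED))
```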