From 0d01afc09b9bf0b9da78bb3d00a8386185364e00 Mon Sep 17 00:00:00 2001
From: cay89 <cay89@users.noreply.github.com>
Date: Fri, 22 May 2026 12:42:33 +0200
Subject: [PATCH 1/2] Add credential handling instructions for Swagger UI

Added instructions for sending credentials with Swagger UI requests, including implementation details for Symfony and Laravel.
---
 core/openapi.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/core/openapi.md b/core/openapi.md
index 0f829740688..0f7ce5853d8 100644
--- a/core/openapi.md
+++ b/core/openapi.md
@@ -924,6 +924,33 @@ return [
 > **must** be set according to the
 > [OpenID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html).
 
+## Sending Credentials with Swagger UI Requests
+
+When your API is deployed behind a proxy that uses cookie-based authentication
+(e.g. Cloudflare Access), Swagger UI's requests may be rejected because the
+authentication cookie is not forwarded by default. Enabling `withCredentials`
+adds a `requestInterceptor` to SwaggerUIBundle that sets `credentials: 'include'`
+on every outgoing request, ensuring cookies are sent alongside token and CORS requests.
+
+### Sending Credentials with Swagger UI Requests using Symfony
+
+> [!NOTE]
+> This feature is only available with Laravel. You're welcome to contribute the Symfony implementation
+> [on GitHub](https://github.com/api-platform/core).
+
+### Sending Credentials with Swagger UI Requests using Laravel
+
+```php
+<?php
+// config/api-platform.php
+return [
+    // ...
+    'swagger_ui' => [
+        'with_credentials' => true,
+    ],
+];
+```
+
 ## Info Object
 
 The [info object](https://swagger.io/specification/#info-object) provides metadata about the API

From 2508accf582b0151a4825bd6c30c6c57036df49e Mon Sep 17 00:00:00 2001
From: cay89 <kericsaba89@gmail.com>
Date: Fri, 22 May 2026 12:55:50 +0200
Subject: [PATCH 2/2] prettier fix

---
 core/openapi.md | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/core/openapi.md b/core/openapi.md
index 0f7ce5853d8..c29b020ed5d 100644
--- a/core/openapi.md
+++ b/core/openapi.md
@@ -926,17 +926,16 @@ return [
 
 ## Sending Credentials with Swagger UI Requests
 
-When your API is deployed behind a proxy that uses cookie-based authentication
-(e.g. Cloudflare Access), Swagger UI's requests may be rejected because the
-authentication cookie is not forwarded by default. Enabling `withCredentials`
-adds a `requestInterceptor` to SwaggerUIBundle that sets `credentials: 'include'`
-on every outgoing request, ensuring cookies are sent alongside token and CORS requests.
+When your API is deployed behind a proxy that uses cookie-based authentication (e.g. Cloudflare
+Access), Swagger UI's requests may be rejected because the authentication cookie is not forwarded by
+default. Enabling `withCredentials` adds a `requestInterceptor` to SwaggerUIBundle that sets
+`credentials: 'include'` on every outgoing request, ensuring cookies are sent alongside token and
+CORS requests.
 
 ### Sending Credentials with Swagger UI Requests using Symfony
 
-> [!NOTE]
-> This feature is only available with Laravel. You're welcome to contribute the Symfony implementation
-> [on GitHub](https://github.com/api-platform/core).
+> [!NOTE] This feature is only available with Laravel. You're welcome to contribute the Symfony
+> implementation [on GitHub](https://github.com/api-platform/core).
 
 ### Sending Credentials with Swagger UI Requests using Laravel