From ce566d44b0bed6e5fff5767670a21dbacd6c4fbc Mon Sep 17 00:00:00 2001
From: Jan Stolle <11133832+janolivermr@users.noreply.github.com>
Date: Mon, 21 Aug 2023 21:19:33 +0200
Subject: [PATCH] Exclude Authorization header from openapi specs. (#714)

In addition to the existing 2 headers, the Authorization header is also not allowed. Instead it is taken care of by the security schemes
---
 src/Writing/OpenAPISpecWriter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Writing/OpenAPISpecWriter.php b/src/Writing/OpenAPISpecWriter.php
index 4c9a6cd0..5599ed9e 100644
--- a/src/Writing/OpenAPISpecWriter.php
+++ b/src/Writing/OpenAPISpecWriter.php
@@ -177,7 +177,7 @@ protected function generateEndpointParametersSpec(OutputEndpointData $endpoint):
 if (count($endpoint->headers)) {
 foreach ($endpoint->headers as $name => $value) {
- if (in_array($name, ['Content-Type', 'content-type', 'Accept', 'accept']))
+ if (in_array(strtolower($name), ['content-type', 'accept', 'authorization']))
 // These headers are not allowed in the spec.
 // https://swagger.io/docs/specification/describing-parameters/#header-parameters
 continue;
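Review bot: Dropping `Authorization` in the new `in_array` check is unconditional, so the generated spec documents the auth requirement only if a matching security scheme is emitted elsewhere in the writer, which this hunk does not show; an endpoint that declares the header by hand while auth is not configured would presumably lose it from the spec without a trace. The comment under the `if` still reads as a generic "not allowed" note, and I would make the dependency explicit, e.g. `// Content-Type, Accept and Authorization are ignored as header parameters by OpenAPI; Authorization is described via the security schemes instead.` It is also worth passing the strict flag, `in_array(strtolower($name), ['content-type', 'accept', 'authorization'], true)`, so the match is an exact string comparison. The body of generateEndpointParametersSpec starts and ends outside the hunk.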