Missing Headers Parameters with "Proxy-" prefix #3956

Closed
heldersepu opened this issue Nov 28, 2017 · 2 comments

@heldersepu
Contributor

| Q | A |
| --- | --- |
| Bug or feature request? | Bug |
| Which Swagger/OpenAPI version? | Latest |
| Which Swagger-UI version? | Latest |
| How did you install Swagger-UI? | Swagger-Net |
| Which browser & version? | Chrome |
| Which operating system? | Win10 |

Context

This started as research from an SO question:
https://stackoverflow.com/questions/47509258/add-proxy-authorization-header-in-swagger
Here is an example reproducing the issue:
http://swashbuckletest.azurewebsites.net/swagger/ui/index?filter=ValueProvider#/ValueProvider/ValueProvider_Put

Expected Behavior

All the header params should be sent

Current Behavior

The calls are ignoring all the Headers Parameters with "Proxy-" prefix.
In my example the request does not show:
Proxy-Test, Proxy-CustomAuth or Proxy-Authorization

@shockey
Contributor

shockey commented Nov 29, 2017

This is a weird one 😄

Looks like /Proxy-.*/ is a reserved pattern within the browser:

Forbidden header name

A forbidden header name is an HTTP header name that cannot be modified programmatically; specifically, an HTTP request header name.

These are forbidden, so the user agent retains full control over them. Names starting with Sec- are reserved for creating new headers safe from APIs using Fetch that grant developers control over headers, such as XMLHttpRequest.

Forbidden header names start with Proxy- or Sec-, or consist of one of the following (...)

https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name

This leaves us in the same position we're at in swagger-api/swagger-js#1163 - as long as we're playing in the browser's sandbox, we have to play by these rules 😕
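An added example, not part of the thread and not Swagger-UI's own code: a check a browser-based API client could run to warn that a header parameter will be silently dropped by `fetch()`/`XMLHttpRequest`. The function names and the `X-Request-Id` sample are assumptions; the exact-name list is the forbidden request-header list from the Fetch standard, which the quote above elides.

```javascript
// Forbidden request-header names per the Fetch standard (compared lowercase,
// because HTTP header names are case-insensitive).
const FORBIDDEN_NAMES = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "set-cookie", "te", "trailer", "transfer-encoding", "upgrade",
  "via",
]);
// Any name starting with one of these prefixes is also forbidden.
const FORBIDDEN_PREFIXES = ["proxy-", "sec-"];

function isForbiddenHeaderName(name) {
  const n = String(name).trim().toLowerCase();
  return FORBIDDEN_NAMES.has(n) ||
    FORBIDDEN_PREFIXES.some((prefix) => n.startsWith(prefix));
}

// Hypothetical helper: split an OpenAPI operation's `in: header` parameters
// into those the browser will send and those it will drop without an error.
function partitionHeaderParams(parameters) {
  const sendable = [];
  const dropped = [];
  for (const param of parameters) {
    if (param.in !== "header") continue; // path/query params are unaffected
    (isForbiddenHeaderName(param.name) ? dropped : sendable).push(param.name);
  }
  return { sendable, dropped };
}

// Constructed sample: the three headers named in the issue plus two others.
const sampleParameters = [
  { name: "Proxy-Test", in: "header" },
  { name: "Proxy-CustomAuth", in: "header" },
  { name: "Proxy-Authorization", in: "header" },
  { name: "X-Request-Id", in: "header" },
  { name: "id", in: "path" },
];

const report = partitionHeaderParams(sampleParameters);
for (const name of report.dropped) {
  console.warn(`"${name}" is a forbidden header name; the browser will not send it.`);
}
```

Sending such headers requires a client outside the browser sandbox (for example a server-side proxy or a command-line client), since page script cannot override the rule.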

@heldersepu
Contributor Author

@shockey that answers the question, thanks!

@lock lock bot locked and limited conversation to collaborators Jul 2, 2019