All header names put onto Access-Control-Request-Headers and values discarded

[sunshineo]

When reporting a bug, please provide the following details:

• swagger-ui version
  latest master branch
• a swagger file reproducing the issue
  client auth issue, see attached screenshot

All I did was follow the README.md and added these 2 lines in dist/index.html

      window.swaggerUi.api.clientAuthorizations.add("key", new SwaggerClient.ApiKeyAuthorization("test", "XXXX", "header"));
      window.swaggerUi.api.clientAuthorizations.add("key2", new SwaggerClient.ApiKeyAuthorization("test2", "XXXX2", "header"));

However when the request is sent, I got something does not make any sense.
The header names are added to Access-Control-Request-Headers

[sunshineo]

The problem is NOT that it got put on the wrong header. That IS the right header to put on. The screenshot showed the request is for OPTION not the actual GET. So the problem is with the service side. The service is a dropwizard service and CORS is turned on using https://stackoverflow.com/questions/25775364/enabling-cors-in-dropwizard-not-working https://bl.ocks.org/tifletcher/567b4a5f5874d7a8ec65

Now the problem is that "api_key" is not white listed as a CORS allowed header.
I added this line on the service and it works now.

corsFilter.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, "Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,api-key");