I have an existing REST service and a hosting server that requires the x-requested-with header to accept requests. And I need to define the swagger document for this service.
I don't want to include this x-requested-with header in the application's description because it is not part of the application's API but rather of the hosting server. At the same time, I would like to make the swagger clients such as swagger-ui (e.g., when the swagger file is retrieved from the hosting server and opened in swagger-ui) be able to include this header when making requests.
Unfortunately, swagger-ui does not allow a non-declared header to be added to the requests. So, one approach would be to add a dummy apiKey security definition in the swagger file as in