Closed JohnRDOrazio closed 3 months ago
Decided to leave `Host` for now, since this could be an indication of the "authenticity" of the answer. Removing just `X-Real-IP` and `Authorization` headers. Fixed in commit https://github.com/Liturgical-Calendar/LiturgicalCalendarAPI/commit/286fc5379d945376848be52516f3bed70a280fae
The `requestHeaders` key was added as a way of confronting the request received with the actual output, to make sure the response produced was effectively according to the request that was made. However, there is perhaps a bit too much information stored in this key, considering that this information is baked into a cached response that will be distributed to anyone making successive requests. For example, `X-Real-Ip` effectively records the IP address of the first requester. I don't believe this needs to be disclosed publicly... Perhaps the same goes for `Host` and `Authorization` headers. We should probably trim down the information stored here to that which is effectively useful for confrontation between request / response.
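The leak described in this issue and the fix chosen in the closing comment (strip `X-Real-IP` and `Authorization`, keep `Host`), as an added example that is not the project's own code. The cache class, function names and sample requests are hypothetical and constructed for illustration.

```python
import json

# Headers the issue decided to strip before caching; Host is deliberately kept.
# Compared case-insensitively: both "X-Real-IP" and "X-Real-Ip" appear in the issue.
STRIPPED = {"x-real-ip", "authorization"}


def public_request_headers(headers):
    """Return the headers that may be embedded in a shared cached response."""
    return {k: v for k, v in headers.items() if k.lower() not in STRIPPED}


class ResponseCache:
    """Toy cache (hypothetical): the first request builds the body, later ones reuse it."""

    def __init__(self, sanitize):
        self.sanitize = sanitize
        self.store = {}

    def get(self, key, headers):
        if key not in self.store:
            echoed = public_request_headers(headers) if self.sanitize else dict(headers)
            self.store[key] = json.dumps({"data": "calendar payload", "requestHeaders": echoed})
        return self.store[key]


def leaked_values(body, first_requester_headers):
    """Stripped-header values from the first request that appear in a cached body."""
    echoed = json.loads(body)["requestHeaders"].values()
    return sorted(v for k, v in first_requester_headers.items()
                  if k.lower() in STRIPPED and v in echoed)


# Constructed sample requests (documentation IP ranges, placeholder token).
FIRST = {"Host": "api.example.org", "Accept": "application/json",
         "X-Real-Ip": "203.0.113.7", "Authorization": "Bearer PLACEHOLDER-TOKEN"}
SECOND = {"Host": "api.example.org", "Accept": "application/json",
          "X-Real-IP": "198.51.100.9"}


def second_requester_sees(sanitize):
    cache = ResponseCache(sanitize)
    cache.get("calendar/2024", FIRST)          # first requester populates the cache
    body = cache.get("calendar/2024", SECOND)  # second requester gets the cached copy
    return leaked_values(body, FIRST)


if __name__ == "__main__":
    print(second_requester_sees(False), second_requester_sees(True))
```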