JohnRDOrazio
commented
3 months ago Decided to leave Host for now, since this could be an indication of the "authenticity" of the answer. Removing just X-Real-IP and Authorization headers. Fixed in commit https://github.com/Liturgical-Calendar/LiturgicalCalendarAPI/commit/286fc5379d945376848be52516f3bed70a280fae
The
requestHeaderskey was added as a way of confronting the request received with the actual output, to make sure the response produced was effectively according to the request that was made. However there is perhaps a bit too much information stored in this key, considering that this information is baked into a cached response that will be distributed to anyone making successive requests. For example,X-Real-Ipeffectively records the IP address of the first requester. I don't believe this needs to be disclosed publicly... Perhaps the same goes forHostandAuthorizationheaders. We should probably trim down the information stored here to that which is effectively useful for confrontation between request / response.