Rob--W / cors-anywhere

CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.
MIT License

#400 add support to preserve set-cookie response headers #401

Closed DovOps closed 2 years ago

Rob--W commented 2 years ago

Something like this has been attempted before by others. I strongly recommend against using this in this way, because the implementation is flawed and a security risk. See https://github.com/Rob--W/cors-anywhere/pull/154#issuecomment-468649353 and the referenced comments for more background.

DovOps commented 2 years ago

@Rob--W - thanks for the comments. I understand the general risks associated with 'productionizing' this, but I've found it useful when doing local development only, in order to get certain APIs to work in local browsers at development time. In this particular case the auth that took place with the target service leveraged cookies, and therefore I needed them proxied over in order to do development against this service.

ahmafi commented 1 year ago

Yeah, I wanted this for local development only, don't know what others are doing for this. But maybe this could be added with a good exposure of how dangerous this is. For example, React has a prop called dangerouslySetHtml which signifies that it is dangerous, but still possible for rare use cases.