Headers are not case sensitive, so I updated the code not to transmit Host, Accept-Encoding, X-Forwarded-For, Client-IP no matter the case.
I added support to pass original selected headers back to the client, for improved security and performance (eg. to allow the client to cache the JS files). As a consequence, I remove the hard-coded Access-Control-Allow-Origin / Access-Control-Allow-Credentials because they are sent by origin.
Hello !
Headers are not case sensitive, so I updated the code not to transmit
Host
,Accept-Encoding
,X-Forwarded-For
,Client-IP
no matter the case.I added support to pass original selected headers back to the client, for improved security and performance (eg. to allow the client to cache the JS files). As a consequence, I remove the hard-coded
Access-Control-Allow-Origin
/Access-Control-Allow-Credentials
because they are sent by origin.Of course, this is open to discussion.
Thanks.