Headers are not case sensitive, so I updated the code not to transmit Host, Accept-Encoding, X-Forwarded-For, Client-IP no matter the case.
I added support to pass original selected headers back to the client, for improved security and performance (eg. to allow the client to cache the JS files). As a consequence, I remove the hard-coded Access-Control-Allow-Origin / Access-Control-Allow-Credentials because they are sent by origin.
Hello !
Headers are not case sensitive, so I updated the code not to transmit
Host,Accept-Encoding,X-Forwarded-For,Client-IPno matter the case.I added support to pass original selected headers back to the client, for improved security and performance (eg. to allow the client to cache the JS files). As a consequence, I remove the hard-coded
Access-Control-Allow-Origin/Access-Control-Allow-Credentialsbecause they are sent by origin.Of course, this is open to discussion.
Thanks.