Rob Wu

> The protocols for the web access control products also rely on sending cookies and also query parameters during the authentication process, so do you think the out-of-box CORS-Anywhere would...

> If I removed the: > > ``` > 'cookie', > 'cookie2', > ``` > > Would that allow the cookies to not be dropped? The cookie would not be...

What's your real use case for wanting to override the response headers? The PR at #52 has been abandoned, but if a new PR comes in I am willing to...

> For the project I'm working on we needed to be able to set the correct cors for credentials. It works great now. I'll try to reopen the pr if...

First, the `setHeaders` option sets *request headers*, not *response* headers. Secondly, you are not supposed to touch `Access-Control-Allow-Origin`, because that is handled by CORS Anywhere. The logic responsible for setting...

@dotbloup > For sure, no browsers (chrome, firefox, safari, Edge) accept Access-Control-Allow-Origin: * as in the HTTP response headers. This statement is incorrect, because `Access-Control-Allow-Origin: *` is accepted, provided that...

@ondrek See https://github.com/Rob--W/cors-anywhere/issues/102#issuecomment-355933612 > What's your real use case for wanting to override the response headers? > > (...) if a new PR comes in I am willing to accept...

@fivitti The client can use `fetch` with `cache` to force certain caching behavior regardless of the response header: https://developer.mozilla.org/en-US/docs/Web/API/Request/cache

> @Rob--W I don't understand why you don't want to add this `setResponseHeaders` option? Its implementation is very straightforward and it's another useful feature to have for a number of...

In the log files I see that the cause of those 503 errors is H12 (Request timeout; likely because there are too many users of the service. A large number...