
[release] v0.9.7

Yann Stepienik il y a 2 ans
Parent
commit
b168148733
4 fichiers modifiés avec 12 ajouts et 2 suppressions
  1. 1 0
      changelog.md
  2. 1 1
      package.json
  3. 10 0
      src/proxy/routeTo.go
  4. 0 1
      src/utils/middleware.go

+ 1 - 0
changelog.md

@@ -8,6 +8,7 @@
  - Fix loading bar in container overview page
  - Flush Etag cache on restart
  - Bootstrap containers when adding new routes to them
+ - Remove headers from origin server to prevent duplicates
 
 ## Version 0.9.0
  - Rewrote the entire HTTPS / DNS challenge system to be more robust and easier to use

+ 1 - 1
package.json

@@ -1,6 +1,6 @@
 {
   "name": "cosmos-server",
-  "version": "0.9.6",
+  "version": "0.9.7",
   "description": "",
   "main": "test-server.js",
   "bugs": {

+ 10 - 0
src/proxy/routeTo.go

@@ -71,6 +71,7 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool) (*httputil.Reve
 		}
 		
 		req.Header.Set("X-Forwarded-Proto", originalScheme)
+		
 	}
 
 	if AcceptInsecureHTTPSTarget && url.Scheme == "https" {
@@ -82,6 +83,15 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool) (*httputil.Reve
 	proxy.ModifyResponse = func(resp *http.Response) error {
 		utils.Debug("Response from backend: " + resp.Status)
 		utils.Debug("URL was " + resp.Request.URL.String())
+		
+		resp.Header.Del("Access-Control-Allow-Origin")
+		resp.Header.Del("Access-Control-Allow-Methods")
+		resp.Header.Del("Access-Control-Allow-Headers")
+		resp.Header.Del("Access-Control-Allow-Credentials")
+		resp.Header.Del("Strict-Transport-Security")
+		resp.Header.Del("X-Content-Type-Options")
+		resp.Header.Del("Content-Security-Policy")
+		resp.Header.Del("X-XSS-Protection")
 
 		return nil
 	}
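Review bot: Deleting `Content-Security-Policy` from every backend response in `ModifyResponse` discards whatever policy the proxied application ships, and the only replacement visible in this commit is the `frame-ancestors 'self'` value set in `SetSecurityHeaders`; assuming that middleware wraps proxied routes, an application with a strict script or object policy ends up with a weaker CSP behind the proxy. The four `Access-Control-Allow-*` deletions likewise replace the backend's CORS decision with the proxy's, while the backend's `Access-Control-Expose-Headers` and `Access-Control-Max-Age` are still passed through, which can leave a mixed policy. Consider deleting a header only when the proxy will actually set it for this route, or keeping the backend's CSP and dropping the proxy's default instead. At minimum, document the override with a comment such as `// Strip headers the proxy sets itself to avoid duplicates; this overrides the backend's CSP and CORS policy.` NewProxy starts and ends outside this hunk.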

+ 0 - 1
src/utils/middleware.go

@@ -65,7 +65,6 @@ func SetSecurityHeaders(next http.Handler) http.Handler {
 			// TODO: Add preload if we have a valid certificate
 			w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
 		}
-	
 		
 		w.Header().Set("X-Content-Type-Options", "nosniff")
 		w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'")