From 585b4b75c2370260688027a164992ca385c867e3 Mon Sep 17 00:00:00 2001
From: xufanglu <3146974+likev@users.noreply.github.com>
Date: Sat, 11 Jun 2022 07:05:42 +0800
Subject: [PATCH] fix response headers and HSTS

1. https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive
2. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
---
 proxy.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/proxy.php b/proxy.php
index a778efc..4fecde0 100644
--- a/proxy.php
+++ b/proxy.php
@@ -178,12 +178,17 @@
 // (re-)send the headers
 $response_headers = preg_split('/(\r\n){1}/', $response_headers);
 foreach ($response_headers as $key => $response_header) {
+    //nowdays some headers are lowercase
+    $response_header = strtolower($response_header);
+    
     // Rewrite the `Location` header, so clients will also use the proxy for redirects.
-    if (preg_match('/^Location:/', $response_header)) {
+    if (preg_match('/^location:/', $response_header)) {
         list($header, $value) = preg_split('/: /', $response_header, 2);
         $response_header = 'Location: ' . $_SERVER['REQUEST_URI'] . '?csurl=' . $value;
     }
-    if (!preg_match('/^(Transfer-Encoding):/', $response_header)) {
+    
+    //skip transfer-encoding and strict-transport-security headers
+    if (!preg_match('/^(transfer-encoding|strict-transport-security):/', $response_header)) {
         header($response_header, false);
     }
 }