From c5a3877e6c42b3850702de49a97cf61e560f01c4 Mon Sep 17 00:00:00 2001
From: Nikolay Derkach <nderk@me.com>
Date: Thu, 20 Aug 2015 20:05:50 -0700
Subject: [PATCH] add setHeaders option

---
 README.md            |  2 ++
 lib/cors-anywhere.js |  6 +++++-
 test/test.js         | 20 ++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 970589f..be144e6 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,8 @@ The following options are recognized by both methods:
   Example: `['Origin', 'X-Requested-With']`.
 * array of lowercase strings `removeHeaders` - Exclude certain headers from being included in the request.  
   Example: `["cookie"]`
+* dictionary of lowercase strings `setHeaders` - Set headers for the request (overwrites existing ones).  
+  Example: `{"x-powered-by": "CORS Anywhere"}`
 
 `createServer` recognizes the following option as well:
 
diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js
index d90753c..1a4c490 100644
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -200,7 +200,8 @@ var getHandler = exports.getHandler = function(options, proxy) {
     originBlacklist: [],      // Requests from these origins will be blocked.
     originWhitelist: [],      // If non-empty, requests not from an origin in this list will be blocked.
     requireHeader: null,      // Require a header to be set?
-    removeHeaders: []         // Strip these request headers
+    removeHeaders: [],        // Strip these request headers.
+    setHeaders: []            // Set these request headers.
   };
   if (options) {
     Object.keys(corsAnywhere).forEach(function(option) {
@@ -293,6 +294,9 @@ var getHandler = exports.getHandler = function(options, proxy) {
       delete req.headers[header];
     });
 
+    Object.keys(corsAnywhere.setHeaders).forEach(function(header) {
+      req.headers[header] = corsAnywhere.setHeaders[header];
+    });
 
     req.corsAnywhereRequestState = {
       location: location,
diff --git a/test/test.js b/test/test.js
index 595a839..935e06f 100644
--- a/test/test.js
+++ b/test/test.js
@@ -478,6 +478,26 @@ describe('removeHeaders', function() {
   });
 });
 
+describe('setHeaders', function() {
+  before(function() {
+    cors_anywhere = createServer({
+      setHeaders: {'x-powered-by': 'CORS Anywhere'},
+    });
+    cors_anywhere_port = cors_anywhere.listen(0).address().port;
+  });
+  after(stopServer);
+
+  it('GET /example.com', function(done) {
+    request(cors_anywhere)
+      .get('/example.com/echoheaders')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expectJSON({
+        host: 'example.com',
+        'x-powered-by': 'CORS Anywhere'
+      }, done);
+  });
+});
+
 describe('httpProxyOptions.xfwd=false', function() {
   before(function() {
     cors_anywhere = createServer({