Origin header from client not being propagated causing CORs issues in browser

[deasydoesit]

In the old Helius architecture, it appears that the Access-Control-Allow-Origin header provided by the RPC proxy was simply propagated back in the response from Helius, preventing CORs issues from occurring on browser-based client applications.

In the new backend architecture, however, the above is no longer the case. Instead, the new architecture now takes the Origin header as provided by browser-based clients and adds it as the Access-Control-Allow-Origin header. In other words, the RPC proxy must either relay Origin headers provided by browser-based client applications, provide an Origin header when proxying browser-based client requests to Helius, or override response headers provided by Helius to include CORs headers (e.g., Access-Control-Allow-Origin) if no Origin is provided.

helius-rpc-proxy/src/index.ts

Lines 44 to 52 in fb22b5e

	const proxyRequest = new Request(`https://${pathname === '/' ? 'rpc' : 'api'}.helius.xyz${pathname}?api-key=${env.HELIUS_API_KEY}${search ? `&${search.slice(1)}` : ''}`, {
	method: request.method,
	body: payload || null,
	headers: {
	'Content-Type': 'application/json',
	'X-Helius-Cloudflare-Proxy': 'true',
	...corsHeaders,
	}
	});

[y4my4my4m]

Was this ever implemented? I dont see it in the code, but i see the last update is on the same date as this issue..