Affects Version/s: None
Fix Version/s: None
Component/s: HTTP Interface
The current implementation of couch_httpd_cors:reduce_headers0/3 has a bug in matching against couch_httpd_cors:member_nocase/2, where the atom `true` should actually be the atom `false`.
This currently has the effect that the disallowed elements are never removed from the list, although removing them is the desired behaviour. The immediate fix of `s/true/false/` on that line breaks two additional tests that expect the "Server" header to be passed through to the response, because "Server" is not in the list `?SIMPLE_HEADERS`, nor should it be as per the spec.
We'll want to construct a list of allowed headers that is the union of the simple headers and the allowed CouchDB headers, like "Server".
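A sketch of the filter described above, as an added example that is not CouchDB's own code: the function bodies are written independently, the module name `cors_filter_example`, the `?COUCH_HEADERS` macro and `demo/0` are hypothetical, and the simple-header list is the CORS spec's simple response headers. It shows that filtering against the simple headers alone drops "Server", while the union keeps it.

```erlang
%% Added illustration; not CouchDB's couch_httpd_cors code.
-module(cors_filter_example).
-export([allowed_headers/0, reduce_headers/2, demo/0]).

%% Simple response headers as listed in the CORS spec.
-define(SIMPLE_HEADERS, ["Cache-Control", "Content-Language", "Content-Type",
                         "Expires", "Last-Modified", "Pragma"]).
%% Assumption: "Server" is the only CouchDB header the issue names.
-define(COUCH_HEADERS, ["Server"]).

%% Union of both lists, de-duplicated case-insensitively.
allowed_headers() ->
    lists:foldl(fun(H, Acc) ->
        case member_nocase(H, Acc) of
            true -> Acc;
            false -> Acc ++ [H]
        end
    end, ?SIMPLE_HEADERS, ?COUCH_HEADERS).

%% Keep only the header names present in Allowed; input order is preserved.
reduce_headers(Headers, Allowed) ->
    reduce_headers0(Headers, Allowed, []).

reduce_headers0([], _Allowed, Acc) ->
    lists:reverse(Acc);
reduce_headers0([H | Rest], Allowed, Acc) ->
    Acc1 = case member_nocase(H, Allowed) of
        false -> Acc;        % not in the allowed list: drop it
        true -> [H | Acc]    % allowed: keep it
    end,
    reduce_headers0(Rest, Allowed, Acc1).

%% Case-insensitive membership test on header names.
member_nocase(Elem, List) ->
    Lower = string:lowercase(Elem),
    lists:any(fun(E) -> string:lowercase(E) =:= Lower end, List).

demo() ->
    %% Constructed sample header names.
    Sample = ["content-type", "Server", "X-Internal-Debug", "ETag"],
    ["content-type", "Server"] = reduce_headers(Sample, allowed_headers()),
    %% With the simple headers alone, "Server" is filtered out.
    ["content-type"] = reduce_headers(Sample, ?SIMPLE_HEADERS),
    ok.
```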