I’ve written a worker to act as a reverse proxy for a few legacy systems that live on different hosts and in different directories but need to be reachable on a single site with an altered directory structure.
One of the largest issues I ran into was rewriting location headers, because I initially create a new Headers object and then appended the headers from the response’s headers object after changing the URLs. This got me in trouble, because
Ends up becoming “set-cookie: cookie1=value1, cookie2=value2” which browsers hate.
The solution to my specific problem was creating a new response as mentioned in https://developers.cloudflare.com/workers/templates/pages/alter_headers/ (though I would though that Response.clone() should also remove the immutable guard from the headers object!), as I only needed to change the Location header and Headers.set() is fine for doing that.
Had the set-cookie headers also needed rewriting (because of a domain or path setting), I would’ve been out of luck. Just using set() on a different header leaves the set-cookie headers in peace, so if the origin sends two headers, two headers will be passed on.
Maybe I’ve missed something? I believe that the Headers object needs to either provide a method to change each value without folding them (unless the origin had folded them?), or Headers.append() needs to treat set-cookie as an exception and not fold multiple values into one header.