Headers customization

[iamoskvin]

I have met several difficulties. Maybe you could make some changes.

1. If I make cross-site request, then Upgrade-Insecure-Requests is not suitable. So, I need to remove it by myself after headers generation.
2. If I do POST instead of GET, I need to add content-type and content-length headers. And I need them in the right order. But your ordering file does not include them, so I need to do ordering by myself.
   The same is true for Origin header.
3. Also, for cross-site requests I need to change the cors headers and it is now convenient now too. I can't pass them as additional headers: it does not works reliable due to case sensitivity etc. So, I need to modify cors headers after generation. Probably, this is not the best way too.

Thank you.

[barjin]

Hello and thank you for submitting this issue!

Other than the second point (which I have already prepared a PR for, see #190), your requests seem to be centered on your use case. Can you please provide a better description of what you are trying to achieve with this library (possibly share some snippets of your code), so it gives us a better idea of what your priorities are? Thanks!

[iamoskvin]

Hello, and thank you for the answer.
I am making a cross-site POST-request. I don't think that code snippets are relevant for the explanation. I could write headers if it needed for clarity.
I think we have three different things here.

1. Headers list (what headers should be included and excluded from this particular request).
2. Headers values (for cross-site requests, we need to modify the provided cors headers).
3. Headers ordering.
   PR 190 should solve the first problem. The second is not a big problem.

But the ordering seems complicated. I ran your solver script and also made different requests in different browsers manually and saw headers in Wireshark. It looks like in Chrome request headers are in different orders for different requests. I don't know which parameters determine the header order. For now, I just give the exact order for needed request and sort headers in this order. But this is an ad hoc way and not convenient.
So, it seems that for POST requests, your ordering solution does not work properly (at least for Chrome).