def main(request, response):
    response.headers.set(b"Cache-Control", b"no-store")
    response.headers.set(b"Access-Control-Allow-Origin", b"*")

    if request.method == u"OPTIONS":
        if b"origin" in request.headers.get(b"Access-Control-Request-Headers").lower():
            response.status = 400
            response.content = b"Error: 'origin' included in Access-Control-Request-Headers"
        else:
            response.headers.set(b"Access-Control-Allow-Headers", b"x-pass")
    else:
        response.content = request.headers.get(b"x-pass")