def main(request, response):
    headers = [(b"X-Request-Method", request.method),
               (b"X-Request-Content-Length", request.headers.get(b"Content-Length", b"NO")),
               (b"X-Request-Content-Type", request.headers.get(b"Content-Type", b"NO")),
               (b"Access-Control-Allow-Credentials", b"true"),
               # Avoid any kind of content sniffing on the response.
               (b"Content-Type", b"text/plain")]

    origin = request.GET.first(b"origin", request.headers.get(b"origin"))
    if origin != None:
        headers.append((b"Access-Control-Allow-Origin", origin))

    request_headers = request.GET.first(b"origin", request.headers.get(b"access-control-request-headers"))
    if request_headers != None:
        headers.append((b"Access-Control-Allow-Headers", request_headers))

    request_method = request.GET.first(b"origin", request.headers.get(b"access-control-request-method"))
    if request_method != None:
        headers.append((b"Access-Control-Allow-Methods", b"OPTIONS, " + request_method))

    content = request.body

    return headers, content