SplitHTTP server: Add global CORS headers for browser dialer

[PoneyClairDeLune]

Spotted a potential oversight sifting through the browser dialer section of SplitHTTP. If there are complications regarding CORS, this PR should fix them.

[mmmray]

I typically add them with nginx or cloudflare rules and never connect to the core directly. However, I recognize that this should be supported. I think splithttp in particular has already too many response header settings (noSSEheader), is it time for a generic responseHeaders setting?

Or actually, the headers can be added unconditionally if the path is validated, so no option is needed.

I also see you only set them for the GET branch, I think it's better to have those headers in h.config.WriteResponseHeaders so they get set for POST as well.

[Fangliding]

I think set it default should be enough, no need to add a new field

[PoneyClairDeLune]

@mmmray @Fangliding What about merging both into noDefaultHeaders?

[mmmray]

the reason one would want to disable SSE header is not related to this, so it feels awkward to couple them. I am now convinced that it's best to send them unconditionally.

[PoneyClairDeLune]

I'll remove the config option then.

[mmmray]

I think this will work. Thanks!

[RPRX]

@mmmray 话说 xmux 好像支持不了 browser dialer，因为 chrome 自动控制复用且没提供控制它的 API？

[mmmray]

Yes, I think that's correct. I can't control h2mux behavior or even the HTTP version at all. I guess one could redesign browser dialer so that xray is the one launching and controlling chromium (and then, it can launch many processes or tweak some about:config to force un-muxing), or maybe un-muxing can be done by opening many incognito windows, but it all feels very strange.

[RPRX]

@mmmray 写一下 #3823 (comment) ，这个月就它了

[mmmray]

I've seen the post, can't promise anything by end of month

[RPRX]

I've seen the post, can't promise anything by end of month

写起来绝对很简单，而且正好周末