From ca3e6d8d07a3b1abb501091ee20f33e8a12543ef Mon Sep 17 00:00:00 2001
From: Evgeniy Scherbina <evgeniy.shcherbina.es@gmail.com>
Date: Thu, 16 Nov 2023 16:10:54 -0500
Subject: [PATCH] Use safer approach when using cached headers (#76)

---
 service/middleware.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/service/middleware.go b/service/middleware.go
index 70b120d..86e46d8 100644
--- a/service/middleware.go
+++ b/service/middleware.go
@@ -244,16 +244,18 @@ func createProxyRequestMiddleware(next http.Handler, config config.Config, servi
 					Str("evm-method", decodedReq.Method).
 					Msg("cache hit")
 
-				w.Header().Add(cachemdw.CacheHeaderKey, cachemdw.CacheHitHeaderValue)
-				w.Header().Add("Content-Type", "application/json")
-				// add cached headers
+				w.Header().Set(cachemdw.CacheHeaderKey, cachemdw.CacheHitHeaderValue)
+				w.Header().Set("Content-Type", "application/json")
+				// add cached headers (if not already added)
 				for headerName, headerValue := range typedCachedResponse.HeaderMap {
-					w.Header().Add(headerName, headerValue)
+					if w.Header().Get(headerName) == "" && headerValue != "" {
+						w.Header().Set(headerName, headerValue)
+					}
 				}
 				// add CORS headers (if not already added)
 				accessControlAllowOriginValue := config.GetAccessControlAllowOriginValue(r.Host)
 				if w.Header().Get("Access-Control-Allow-Origin") == "" && accessControlAllowOriginValue != "" {
-					w.Header().Add("Access-Control-Allow-Origin", accessControlAllowOriginValue)
+					w.Header().Set("Access-Control-Allow-Origin", accessControlAllowOriginValue)
 				}
 				_, err := w.Write(typedCachedResponse.JsonRpcResponseResult)
 				if err != nil {