fix: make reverse proxy strip origin/referer hdr

[cekrem]

Quick Summary: Strip Origin and Referer headers in the reverse proxy so that requests from lamdera live's in-browser fake backend don't appear to originate from a browser, avoiding CORS rejections and other server-side browser-detection issues.

SSCCE

-- N/A — this is a tooling fix in the reverse proxy, not an Elm code issue.

• Elm: N/A (tooling fix)
• Browser: N/A
• Operating System: N/A

Additional Details

The lamdera live dev workflow runs a fake backend in the browser. Requests routed through the reverse proxy (port 8001) carried browser headers like Origin and Referer, causing some servers to reject them or respond differently than they would to a real backend request. (Concrete example: Azure Entra with Authorization Code flow)

Fix: added a filter step in modReq (before the existing header transforms) to drop Origin and Referer. The User-Agent was already being replaced with "node", so this completes the picture of making proxied requests look like they come from a non-browser client.

Bumped patch version to 1.4.2.

[miniBill]

The header change seems sensible, but please don't touch the version number. We'll do that as part of the release process

[cekrem]

The header change seems sensible, but please don't touch the version number. We'll do that as part of the release process

Very sorry, didn't mean to overstep. I'll revert that one.