Fixed
- Proxied Angular apps (CyberPower PowerPanel Business) no longer return 403 Forbidden for module scripts -- the
Originheader is now stripped from safe (GET/HEAD/OPTIONS) requests forwarded to backends, preventing Spring Security CORS rejection on apps with no CORS configuration; unsafe methods (POST/PUT/DELETE/PATCH) continue to send the rewrittenOriginfor CSRF compatibility