Currently node-xmpp-bosh sets the Access-Control-Allow-Origin header to the wild-card character * and allows the user to configure static set of headers.

In cases where Access-Control-Allow-Credentials is specified as true, a value of * isn't permitted (see [step 3 in section 6.1](Simple Cross-Origin Request, Actual Request, and Redirects)). As Access-Control-Allow-Origin doesn't allow for a wildcard sub-domain it's beneficial in that case to allow the Access-Control-Allow-Origin to echo the Origin specified on the request, which is common practice

I'd like to PR in a config flag that allows this, and noticed this project hadn't been touched in a while. Is it still maintained, and if so, would you be open to this change?