Remove header stripping for non-STANDARD_WEBSOCKET_HEADERS in Cloudflare Workers #3659
Description
The current implementation in @rivetkit/cloudflare-workers strips headers that are not included in STANDARD_WEBSOCKET_HEADERS when forwarding requests to actors (see manager-driver.ts).
This behavior was originally implemented because we passed security-sensitive headers internally when communicating with actors. This logic no longer exists, so the header stripping is now unnecessary and causes issues for users relying on headers like Cookie for authentication.
Current behavior:
Headers not in STANDARD_WEBSOCKET_HEADERS are stripped from requests forwarded to the actor's onBeforeConnect handler.
Expected behavior:
All headers should be forwarded to the actor, allowing cookie-based session authentication and other header-dependent workflows.