Allow `icy-metadata` and `icy-metaint` in default CORS configuration
I noticed that many of the public streams I've encountered have a wide-open Access-Control-Allow-Origin policy, but do not allow access to request the
Icy-Metadata header nor allow access to read the
Icy-MetaInt header in the response. This prevents any clients that honor CORS (i.e. browsers) from requesting or reading icy metadata.
This patch is to allow cross-origin access to the
Icy-MetaInt headers by default. Also, this patch inserts the
Access-Control-Expose-Headers into the default XML configuration so that icy metadata works by default. Users can opt-out of it like they can with
The main use-case is to enable browsers to read icy metadata via a cross-origin request. I'm building a client side library that does that here: icecast-metadata-js. The inline metadata offers immediate metadata updates with no noticeable latency, which is really valuable in certain contexts, like for broadcasting police / fire scanner metadata, or ad insertions, etc.