回答

新建一个worker，然后worker代码如下：

addEventListener('fetch', event => {
    event.respondWith(fetchAndApply(event.request));
})

async function fetchAndApply(request) {
    if (request.method === 'OPTIONS') {
        // 对于预检请求，设置允许的请求方法、请求头和响应头
        return new Response(null, {
          headers: {
            'Access-Control-Allow-Origin': '*',  // 允许的域名，可以设置具体的域名
            'Access-Control-Allow-Methods': '*',  // 允许的请求方法
            'Access-Control-Allow-Headers': '*'  // 允许的请求头，例如 Content-Type 和 Authorization
          }
        })
      } 

    let response = null;
    let method = request.method;
    let request_headers = request.headers;

    
   

    let url = new URL(request.url);
    let url_hostname = url.hostname;
    url.protocol = 'https:';
    url.host = 'generativelanguage.googleapis.com';


    
    let new_request_headers = new Headers(request_headers);
    new_request_headers.set('Host', url.host);
    new_request_headers.set('Referer', url.protocol + '//' + url_hostname);

   

    let original_response = await fetch(url.href, {
        method: method,
        headers: new_request_headers,
        body: request.body
    })
  

    let original_response_clone = original_response.clone();
    let original_text = null;
    let response_headers = original_response.headers;
    let new_response_headers = new Headers(response_headers);
    let status = original_response.status;

    new_response_headers.set('Cache-Control', 'no-store');
    new_response_headers.set('access-control-allow-origin', '*');
    new_response_headers.set('access-control-allow-credentials', true);
    new_response_headers.delete('content-security-policy');
    new_response_headers.delete('content-security-policy-report-only');
    new_response_headers.delete('clear-site-data');

    original_text = original_response_clone.body
    response = new Response(original_text, {
        status,
        headers: new_response_headers
    })

    return response

}