b5c5c21926
Previously there was a missing call to `headers = requester(url, scheme, header_dict, origin)` in the "origin reflected" check. This meant that the code was not using the intended origin (`origin = root + '://' + 'example.com'`). Intead, the check incorreclty used the headers from the first request (with `origin = scheme + '://' + root`). This commit fixes this problem by making the missing request.