Ah yeah I wasn't thinking about that. 
It's natively stripped when executing fetch in the browser environment, I believe. The use case that we previously discussed with RoseRey was specific to workflows, where we ultimately ended up with something like this:
import requests
url = "https://www.base-url.com/api/"
headers = {"Authorization": "Bearer <TOKEN>"}
response = requests.get(url, headers=headers, allow_redirects=False)
location = response.headers.get("Location")
response2 = requests.get(location, headers=headers)
return response2.text
Unfortunately, I think the only official option is to put this logic in a workflow. We're getting pretty close to releasing backend functions, though, which will enable this!
It might be worth reaching out to Andrew. 