honoring the 'access-control-request-method','origin', and other CDR headers could aid a lot of development to work around that.