This commit makes CORS preflight requests handling more flexible by just skipping setting CORS response headers when no configuration is defined instead of rejecting them. That will have the same effect on user agent side (the preflight request will be considered as not authorized and the actual request not performed) but is more flexible and more efficient. Closes gh-31839