Issue #2850034 by hampercm, dawehner, Wim Leers: CORS allow-origin '*' not possible because of cached headers