There was previously a github issue related to permitting any header for a cors check, and i believe other frameworks have a mode where it will respond with permission for the headers in A*ccess-Control-Request-Headers - Is this something that might be of interest adding to the cors feature?*