Corsair adds Access-Control-Allow-Origin to the response headers, even if your app raises an error.
Varvet
MIT