while here:
- send cors headers even if the status is 404
- add: access_control_expose_headers config option - list of additional headers sent in Access-Control-Expose-Headers
- add: access_control_allow_credentials config option - if true return Access-Control-Allow-Credentials header equal "true"