Add "Access-Control-Allow-Origin" header to AllowHeaders

[santosh]

When client sends Access-Control-Allow-Origin, server must respond with the same domain(s). If not done, preflight response fails.

With this change, AllowHeaders slice has Access-Control-Allow-Origin present, which does nod need any additional configuration and works out of the box on cors.Default().

This is a fix to #84.