[main] support adding cross origin resource policy for #1851

[siyuniu-ms]

related to #1851

[MSNev]

General comment on the timing of this change. Can you ask the backend people on the timeframe that they believe they will be able to implement this change as we should not commit this change until the backend supports it (and we validate that it's working), to avoid someone accidently enabling this and causing all requests to stop. As this will most likely cause an OPTIONS call (CORS validation) requesting whether the required header can be sent and if the server doesn't know anything about it the browser may block the call completely.