when enabled, add the header 'Access-Control-Allow-Origin: *' to the response to resolve CORS errors.
