v1.0.1: [TASK] Skip fake CORS requests

Unfortunately chrome XHR always adds the HTTP_ORIGIN header, no matter
if its an actual cross domain request or just targets the very same
location. So server side CORS handling needs to detect those and skip
response handling. Otherwise every local domain would be required to be
added to the "allowOrigins" section.