The Olivier Poitrey Go CORS handler through 1.3.0 actively converts
a wildcard CORS policy into reflecting an arbitrary Origin header
value, which is incompatible with the CORS security design, and
could lead to CORS misconfiguration security problems.

CVE-2018-20744
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>