Webserver-level CORS header manipulation

[mhsdef]

We need some way to set CORS headers at wp-now's Express server level similar to what can be done with .htaccess in Apache setups:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "_origin here_"
</IfModule>

We do have a mu-plugin that spins in the PHP handling and that's a solution for most folk since the typical situation is API backend; but, a plugin approach doesn't cover things like, say, a cross-origin static resource @font-face load (in Firefox) to a WP backend which matters for the way we're using WP in our case.

Our use case is fairly unique, but, WP deployments can get "unique" in the real world, so I do think Express header manipulation makes general sense for a certain segment of users.

Maybe something like..?

wp-now --headers <whatever ux makes sense>

[mhsdef]

Or, riffing further, a way to do it via the config feels even better.

{
      "step": "setWebserverHeader",
      "header": "Access-Control-Allow-Origin http://localhost:3000"
}

[adamziel]

cc @sejas