"Access-Control-Allow-Origin" header missing in JSON-RPC response

[Iznogood1]

Feature request

Is it possible to set the "Access-Control-Allow-Origin" header in JSON-RPC response?

What problem does this feature solve?

CORS request to json-rpc from a web-app is blocked because the current header is
{
"content-length": "xxx",
"content-type": "application/json",
"date": "Sun, 24 Jul 2022 08:34:59 UTC",
"server": "Hyperion http-Webserver"
}
Adding "Access-Control-Allow-Origin: *" would allow CORS request.

What does the proposed API look like?

Just update the header to
{
"content-length": "xxx",
"content-type": "application/json",
"date": "Sun, 24 Jul 2022 08:34:59 UTC",
"server": "Hyperion http-Webserver"
"Access-Control-Allow-Origin": "*"
}

How should this be implemented in your opinion?

I guess it is just one line to add in the code

Are you willing to work on this yourself?

Unfortunately I am not skilled enough...