Drop redundant Access-Control-Allow-Origin on webapp endpoints
This is now implemented in the webapp backend directly.