Jens Mueller discovered that an incorrect regular expression in rack-cors may lead to insufficient restriction of CORS requests.