Add support for origin headers in CORS checking
Chrome and Safari send the Origin header when doing a POST request. It is legal as the RFC specify that user-agent MAY send it.
Unfortunately since the addition of the CORS checking mechanism it breaks sao when used on those browsers.
The patch checks if the Host header is the same as the hostname in Origin to do the CORS check as explained in https://stackoverflow.com/questions/15512331/chrome-adding-origin-header-to-same-origin-request