Lab 4 hacky solution

[tommyhegarty]

The fourth lab, when setting up preflight headers, tells you to set CORS preflight and change the status code to 200 in the event of an options call. This is really hacky -- if you put any sort of key or header verification in the proxy endpoint then this is only working because the program initially fails. Wouldn't it be safer and smarter to move api key verification, quota limiting, etc to a target endpoint and remove the default fault rule?