corydolphin / flask-cors

Cross Origin Resource Sharing (CORS) support for Flask
https://flask-cors.readthedocs.io/en/latest/index.html
MIT License
883 stars 139 forks

Allow one to add Access-Control-Allow-Private-Network true to CORS preflight #309

Open mangelozzi opened 2 years ago

mangelozzi commented 2 years ago

The next release of Chrome (v101) will block CORS to private networks (I get this warning when I open the console):

A site requested a resource from a network that it could only access because of its users' privileged network position. These requests expose devices and servers to the internet, increasing the risk of a cross-site request forgery (CSRF) attack, and/or information leakage. To mitigate these risks, Chrome will require non-public subresources to opt-into being accessed with a preflight request and will start blocking them in Chrome 101 (April 2022). To fix this issue, ensure that response to the preflight request for the private network resource has the Access-Control-Allow-Private-Network header set to true.

I created a webservice I run locally that exposes custom data to my website. So it needs to allow Chrome to talk to 127.0.0.1:5000.

Would you please add a configuration option ASAP to address this change in Chrome that is coming soon?

Out of interest: the reason this was added, it seems some hackers hacked Polish routers via localhost AJAX calls, and changed their DNS, so when people browsed banking websites, it would point them to their own websites, and they captured their banking details.
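The header logic the request above calls for, as an added example that is not flask-cors code: `Access-Control-Allow-Private-Network: true` is emitted only when the origin is on an allowlist and the browser actually sent `Access-Control-Request-Private-Network: true` on the preflight, so a public page cannot be granted private-network access by accident. The allowlist, the `/data` route and the Flask wiring in `create_app` are assumptions for illustration (Flask is imported lazily so the header logic runs without it).

```python
from typing import Mapping

# Constructed allowlist: the only site that may reach the local service.
ALLOWED_ORIGINS = {"https://example.com"}  # hypothetical value


def cors_headers(req_headers: Mapping[str, str], allowed_origins=ALLOWED_ORIGINS) -> dict:
    """Return the CORS response headers for a request with the given headers.

    An origin that is not allowlisted gets no CORS headers at all. The
    private-network grant is added only when Chrome asked for it via
    Access-Control-Request-Private-Network on the preflight.
    """
    headers = {k.lower(): v for k, v in req_headers.items()}  # header names are case-insensitive
    origin = headers.get("origin")
    if origin not in allowed_origins:
        return {}
    out = {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": "GET, OPTIONS",
        "Vary": "Origin",  # responses differ per origin; keep caches honest
    }
    if headers.get("access-control-request-private-network", "").lower() == "true":
        out["Access-Control-Allow-Private-Network"] = "true"
    return out


def create_app():
    """Wire cors_headers into a Flask app (assumes Flask is installed)."""
    from flask import Flask, jsonify, request

    app = Flask(__name__)

    @app.after_request
    def add_cors(resp):
        # Applies to the preflight (OPTIONS) response and the real response alike.
        for key, value in cors_headers(request.headers).items():
            resp.headers[key] = value
        return resp

    @app.route("/data", methods=["GET", "OPTIONS"])
    def data():
        if request.method == "OPTIONS":
            return "", 204  # preflight: body empty, headers set by add_cors
        return jsonify({"value": 42})  # constructed payload

    return app


if __name__ == "__main__":
    create_app().run(host="127.0.0.1", port=5000)
```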

lmm-git commented 11 months ago

I believe this is done by #318