Remove raw CORS headers (#857)

#855 missed a case where CORS headers are explicitly set.
This remaining code results in multiple copies of the
`Access-Control-Allow-Origin` header, which is not valid.

Author: srikrsna-buf

internal/app/referenceserver/impl.go

@@ -619,8 +619,6 @@ func makeRawGRPCWebResponse(err *connect.Error, contentType string, headers, tra
 		Headers: append(
 			headers,
 			&conformancev1.Header{Name: "Content-Type", Value: []string{contentType}},
-			&conformancev1.Header{Name: "Access-Control-Allow-Origin", Value: []string{"*"}},
-			&conformancev1.Header{Name: "Access-Control-Expose-Headers", Value: []string{"*"}},
 		),
 		Body: &conformancev1.RawHTTPResponse_Stream{
 			Stream: &conformancev1.StreamContents{