public function testItDoesNotReturnAllowOriginHeaderOnPreflightRequestWithOriginNotAllowed()
{
$_SERVER['HTTP_ORIGIN'] = 'http://api.foo.com';
$this->application->getDI()->getCors()->preflightRequests();
$headers = $this->response->getHeaders();
$this->assertFalse(isset($headers['Access-Control-Allow-Origin']));
}