The problem is that the headers get doubled up (not overwritten) and
browsers do not like multiple values for the allowed origin even though
it appears the spec allows for it.
We could prefer the application's headers instead of ours but since we
control OPTIONS I think preferring ours will be the more consistent
experience and also aligns with the original RFC.
* chore: update port forward dashboard docs for coder_app and sharing
* Update docs/networking/port-forwarding.md
Co-authored-by: Ben Potter <ben@coder.com>