[optimization] the restful api source requires that the http endpoint's response has `Access-Control-Allow-Origin` header 

not a required feature as this is a trick of http client.

compare to appsmith which does't need it.