Here's another small one: The default CORS=true setting is broken. This fixes it, so cors is enabled by default.
fixing default cors settings
Actually, without this, the cors setting doesn't work at all. It will always be "undefined" even though you set it in the options. I would love if you could publish this to npm :-)
adding bustom header declaration
adding argument to bin
Also, I just added another feature that you might or might not like. Most API's have the ability to send custom headers to the server, and allow these in CORS requests. This pull request adds the ability to add a string of custom headers, either directly to the canned() object, or though the bin arguments. So you can run it like this:
canned --headers "Authorization, Another-Header"
... and these will automatically be added to the allowed CORS headers.
I don't use CORS personally but this looks good. Will merge and publish