[v6.0.3] Access-Control-Allow-Origin: "null", can't switch to "*"

[thomsh]

Hi,
Starting using tzindex, looklike to be a great explorer api for tezos, however I found that the CORS policy is not set as intended:

Not working as excepted:

1. Excepted to be set to Access-Control-Allow-Origin: * when using arg --enable-cors
2. Excepted to be set to Access-Control-Allow-Origin: * when using docker env variable 'TZ_SERVER_CORS_ORIGIN=*' to set it to Access-Control-Allow-Origin: *
   I got it set to Access-Control-Allow-Origin: for both case

Working as excepted:
However the docker env var with something else that * like TZ_SERVER_CORS_ORIGIN=http://example.com works !

i'm using the docker image on docker hub tag:v6.0.3
Example to reproduce, http://172.17.0.1:8732 is a valid tezos node,

docker run -it --rm \
  -v /data/tzindex:/data:rw -p 0.0.0.0:8000:8000 \
   -e 'TZ_SERVER_CORS_ORIGIN=*' \
  blockwatch/tzindex:v6.0.3 \
  tzindex run --enable-cors --dbpath /data --rpcurl http://172.17.0.1:8732

Then have a look to the http header:
curl -v http://localhost:8000 serach Access-Control-Allow-Origin header