Also, I just added another feature that you might or might not like. Most API's have the ability to send custom headers to the server, and allow these in CORS requests. This pull request adds the ability to add a string of custom headers, either directly to the canned() object, or though the bin arguments. So you can run it like this:

canned --headers "Authorization, Another-Header"

... and these will automatically be added to the allowed CORS headers.