fix: check for default headers before appending to cors header failures (#4015)

Author: saska

litestar/middleware/_internal/cors.py

@@ -113,8 +113,12 @@ def _create_preflight_response(self, origin: str, request_headers: Headers) -> R
                 response_headers["Access-Control-Allow-Headers"] = ", ".join(
                     sorted(set(pre_flight_requested_headers) | DEFAULT_ALLOWED_CORS_HEADERS)  # pyright: ignore
                 )
-            elif any(header.lower() not in self.config.allow_headers for header in pre_flight_requested_headers):
-                failures.append("headers")
+            else:
+                all_allowed_headers = set(self.config.allow_headers).union(
+                    default_header.lower() for default_header in DEFAULT_ALLOWED_CORS_HEADERS
+                )
+                if any(header.lower() not in all_allowed_headers for header in pre_flight_requested_headers):
+                    failures.append("headers")
 
         return (
             Response(