🐛 Fixed CORS for errors from Admin API

refs #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Admin API.

core/server/web/api/v2/admin/routes.js

@@ -15,8 +15,7 @@ module.exports = function apiRoutes() {
     // alias delete with del
     router.del = router.delete;
 
-    // ## CORS pre-flight check
-    router.options('*', shared.middlewares.api.cors);
+    router.use(shared.middlewares.api.cors);
 
     const http = apiv2.http;