Add CORS headers to catchAll Error response

proxies/live/apiproxy/policies/AssignMessage.Errors.CatchAllMessage.xml

@@ -1,12 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.Errors.CatchAllMessage">
   <Set>
-    <Headers>
-      <Header name="Access-Control-Allow-Origin">{request.header.origin}</Header>
-      <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, content-type, nhsd-session-urid, x-correlation-id, x-request-id, nhsd-end-user-organisation-ods, nhsd-end-user-organisation</Header>
-      <Header name="Access-Control-Max-Age">3628800</Header>
-      <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
-    </Headers>
     <Payload contentType="application/json" variablePrefix="%" variableSuffix="#">
     {
         "resourceType": "OperationOutcome",

proxies/sandbox/apiproxy/proxies/default.xml

@@ -72,6 +72,9 @@
     <TargetEndpoint>sandbox</TargetEndpoint>
   </RouteRule>
   <DefaultFaultRule>
+    <Step>
+      <Name>AssignMessage.AddCors</Name>
+    </Step>
     <Step>
       <Name>AssignMessage.Errors.CatchAllMessage</Name>
     </Step>