Fixed invalid CORS wildcard example

[ask-bonk]

No type checker available in CI, but the changes are syntactically straightforward JSX. The edit is correct.

Summary of changes:

The issue correctly identifies that the Workers CORS example used an invalid Access-Control-Allow-Origin value with a wildcard pattern (https://*-:worker.:subdomain.workers.dev/). Per the WHATWG Fetch spec, only *, null, or an exact origin are valid values.

What changed in src/content/partials/workers/custom_headers.mdx:

• Removed the invalid Workers example that showed Access-Control-Allow-Origin: https://*-:worker.:subdomain.workers.dev/
• Added a note for Workers users explaining the CORS spec limitation and directing them to handle dynamic preview URL origins in Worker code instead of _headers
• Preserved the Pages example (Access-Control-Allow-Origin: https://staging.:project.pages.dev/) which is valid since it specifies an exact origin

Closes #22002

github run

[github-actions]

This PR requires additional review attention because it affects the following areas:

Partials

This PR updates partial files, which are pieces of content used across multiple files in our Render component.

• workers/custom_headers - view affected files

[github-actions]

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern	Owners
/src/content/partials/workers/	@cloudflare/workers-docs, @GregBrimble, @irvinebroque, @mikenomitch, @WalshyDev, @cloudflare/deploy-config, @cloudflare/pcx-technical-writing, @cloudflare/wrangler, @mattietk

[github-actions]

Preview URL: https://c3877da6.preview.developers.cloudflare.com
Preview Branch URL: https://opencode-issue22002-20260206112442.preview.developers.cloudflare.com

[MattieTK]

hate cors, love this change