Newer grafana sends an options request that graphite responds to with a
400 response. This response did not include allowed origin headers
because it is a failure case. Update this header and the allowed methods
header to always be included even on 400 or other error responses.
This should ideally address the CORS errors we see with updated grafana.
An alternative is to update grafana to proxy the requests for us, but
this is less flexible as other tools may not have built in proxies.
The suggestion comes from this stackoverflow question and answer:
https://stackoverflow.com/questions/20414669/nginx-add-headers-when-returning-400-codes
Change-Id: Icf1179d35e420384da72af839ca329548226ee63
088df00edc