v1.1.0

@jdesrosiers jdesrosiers released this 06 Oct 01:48
· 5 commits to master since this release

This version changes the behavior when an origin is not allowed. Previously, it returned the value "null" for Access-Control-Allow-Origin. Although this is compliant with the specification, it seems that there are ways that this can be exploited to grant access when it should not be granted.

Therefore, this implementation now responds with no Access-Control headers if the origin is not allowed. Thanks to @Akcbryant for making this happen.
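
The two behaviours described above, modelled in Python as an added example (not the project's own code); the function names, the allow-list and the sample origins are assumptions constructed for illustration. The browser-side check is simplified to the comparison that matters here: the response header value must equal the request's Origin, and a request can carry the literal string null as its Origin.

```python
# Added example: models the release note's "before" and "after" behaviour.
# ALLOWED_ORIGINS and all function names are hypothetical, not the library's API.
ALLOWED_ORIGINS = {"https://app.example.com"}  # constructed allow-list

ACAO = "Access-Control-Allow-Origin"


def cors_headers_legacy(request_origin, allowed=ALLOWED_ORIGINS):
    """Behaviour before v1.1.0 as the note describes it: "null" when not allowed."""
    if request_origin in allowed:
        return {ACAO: request_origin}
    return {ACAO: "null"}


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS):
    """Behaviour from v1.1.0: no Access-Control headers when not allowed."""
    if request_origin in allowed:
        return {ACAO: request_origin}
    return {}


def browser_shares_response(request_origin, response_headers):
    """Simplified browser check: share the response only on an exact match (or '*')."""
    value = response_headers.get(ACAO)
    if value is None:
        return False  # no header: the cross-origin read is blocked
    return value == "*" or value == request_origin


def audit(origins):
    """Return (origin, shared_by_legacy, shared_by_fixed) for each request Origin."""
    return [
        (
            origin,
            browser_shares_response(origin, cors_headers_legacy(origin)),
            browser_shares_response(origin, cors_headers(origin)),
        )
        for origin in origins
    ]


if __name__ == "__main__":
    # Constructed request Origin values: allowed, not allowed, and the literal "null".
    for row in audit(["https://app.example.com", "https://other.example.net", "null"]):
        print("%-28s legacy_shared=%-5s fixed_shared=%s" % row)
```

The third row is the one the change addresses: the legacy response is readable by a request whose Origin is null even though null is not on the allow-list, while the v1.1.0 behaviour blocks it.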