When I configure an APIM API for CORS, and make a request whose Origin header value is not white-listed in the CORS policy, APIM should be responding with an error http status. However, it is returning a 200 status, with none of the response content (headers and body) you would expect from a successful call to that endpoint.

Steps to reproduce:

1) Create a new instance of APIM. Echo API should be available by default.

2) Update the inbound policy of Echo API to the following: