uploads: Stop putting API headers on local-file upload responses.

These only need the usual response headers, not the
Access-Control-Origin headers that API endpoints need.

puppet/zulip/files/nginx/zulip-include-frontend/uploads-internal.conf

@@ -40,7 +40,7 @@ location ~ ^/internal/s3/([^/]+)/(.*) {
 # Internal file-serving
 location /internal/local/uploads {
     internal;
-    include /etc/nginx/zulip-include/api_headers;
+    include /etc/nginx/zulip-include/headers;
     add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; object-src 'self'; plugin-types application/pdf;";
     include /etc/nginx/zulip-include/uploads.types;
     alias /home/zulip/uploads/files;