davewhiteland
commented
2 months ago Closed in fe14f8b546592fd386f3f3ca9dacfa547add67e4
Took longer than it should have done because I am a chump, but the api/upload endpoint now sends CORS-wildcard headers back (for OPTIONS (pre-flight check) and POST methods).
AJAX requests (using native fetch API in Firefox and Safari) now punch through where otherwise they were failing.
I'm not sure we've got friendly CORS headers set up to make e.g., a javascript implementation in a student's editor straightforward. Need to check this!