unfortunately they also did not include user-agent as an allowed header, and setting it here results in CORS errors, e.g.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.flickr.com/services/[...]. (Reason: header ‘user-agent’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
despite the API change mentioned in #157, it looks like the flickr API did not go through with the change: https://www.flickr.com/groups/51035612836@N01/discuss/72157721918374433/72157721918410230.
unfortunately they also did not include
user-agentas an allowed header, and setting it here results in CORS errors, e.g.