freedomofpress / securedrop-signal-poc

prototype e2e server and source + journalist clients for securedrop
GNU General Public License v3.0

CORS error when attempting to log in as source #26

Open eloquence opened 3 years ago

eloquence commented 3 years ago

When attempting to log in as a source in Firefox or Chrome using the signal-proto-focal server branch, I get the following CORS errors on the console. Firefox error output:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:8080/api/v2/register. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:8080/api/v2/register. (Reason: CORS request did not succeed).

Uncaught (in promise) err: no AuthCred found

(I was able to get it to work by forcibly disabling CORS checks via a browser extension.)

conorsch commented 3 years ago

This has bitten me before, too. Easy to reproduce if you browse to http://localhost:8080 :

[Screenshot: sd-e2e-cors-1]

However, if you browse to http://127.0.0.1:8080, then the problem doesn't occur:

[Screenshot: sd-e2e-cors-2]

I believe that's caused by the 127.0.0.1 value being hardcoded in places like https://github.com/freedomofpress/securedrop/blob/08068350941d22e02e8f041ffcb958635da704db/securedrop/static/js/messaging.js#L131
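
Added example, not part of the thread or the project's code: the origin comparison a browser applies, run over the two page URLs from this issue against the hardcoded `http://127.0.0.1:8080/api/v2/register` endpoint. The names `originOf`, `explainRequest` and `resolveEndpoint` are hypothetical, and resolving the endpoint against the page URL is one possible approach assumed here, not the project's fix.

```javascript
// Endpoint as it appears in the console errors quoted in this issue.
const HARDCODED_API = "http://127.0.0.1:8080/api/v2/register";

// An origin is the (scheme, host, port) tuple. Hosts are compared as strings,
// so "localhost" and "127.0.0.1" are different origins even though both
// usually reach the same loopback listener.
function originOf(url) {
  const u = new URL(url);
  const defaultPort = { "http:": "80", "https:": "443" }[u.protocol] || "";
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaultPort };
}

// Report whether a request made from pageUrl to requestUrl is cross-origin,
// and which tuple components differ. A cross-origin response is readable only
// if the server sends a matching Access-Control-Allow-Origin header.
function explainRequest(pageUrl, requestUrl) {
  const page = originOf(pageUrl);
  const target = originOf(new URL(requestUrl, pageUrl).href);
  const differing = ["scheme", "host", "port"].filter((k) => page[k] !== target[k]);
  return { crossOrigin: differing.length > 0, differing };
}

// Assumed alternative to a hardcoded host: resolve the API path against the
// page's own URL, so the request is same-origin whichever hostname was used.
function resolveEndpoint(pageUrl, path) {
  return new URL(path, pageUrl).href;
}

// Constructed inputs: the two page URLs mentioned in the comments above.
for (const page of ["http://localhost:8080/", "http://127.0.0.1:8080/"]) {
  const hard = explainRequest(page, HARDCODED_API);
  const rel = explainRequest(page, resolveEndpoint(page, "/api/v2/register"));
  console.log(page, "hardcoded:", JSON.stringify(hard), "relative:", JSON.stringify(rel));
}
```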