Q&A embeds to Stack Exchange Broken due to CORS

[tfoote]

This is blocked on upstream. Workarounds are to remove it, or to proxy the data.

For example here under the Q&A tab: https://index.ros.org/p/tf2/#noetic-questions we use javascript to load the latest questions and render previews for the users. However as you can see the fetch is failing, and looking at the console the error is tf2/#noetic-questions:1 Access to XMLHttpRequest at 'https://robotics.stackexchange.com/feeds/tag/tf2' from origin 'https://index.ros.org/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Looking at the header for the feed Request URL: https://robotics.stackexchange.com/feeds/tag/tf2 Request Method: GET Status Code: 200 OK Remote Address: 172.64.144.30:443 Referrer Policy: strict-origin-when-cross-origin

Stack Exchange is explicitly preventing this embedding and the browser is enforcing it. I can hit it directly without a problem. And with an extension I can confirm that it will work mucking with the inbound headers. But for compliant browsers it's going to remain broken unless Stack Exchange changes their

I found a related thread here: https://meta.stackoverflow.com/questions/380804/is-it-possible-to-enable-cors-on-the-rss-feed

And it looks like there was a regression in the past that got fixed here:

• https://meta.stackoverflow.com/questions/391242/se-api-is-randomly-responding-with-site-is-required-errors-and-now-cors-errors/391352#391352
• https://meta.stackexchange.com/questions/338345/api-has-been-failing-with-cors-errors-since-11-13