stellar-expert / albedo

Security-centric, developer-friendly, easy-to-use delegated signer and keystore for Stellar Network
https://albedo.link
MIT License

CORS Access-Control-Allow-Origin issue #65

Closed by kalepail 3 years ago

kalepail commented 3 years ago

I've taken to deploying static sites via ViteJs recently, but when including a .well-known stellar toml in the public directory I'm noticing CORS issues on Albedo. Other wallets seem able to resolve the toml just fine, but Albedo is throwing this:

Access to fetch at 'https://nft.kalepail.com/.well-known/stellar.toml' from origin 'https://albedo.link' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

If I run the request in Albedo like this: await fetch('https://nft.kalepail.com/.well-known/stellar.toml'), it fails, but if I run it like this: await fetch('https://nft.kalepail.com/.well-known/stellar.toml', {mode: 'no-cors'}), it resolves just fine.

Is this something where we'll always need a server to specifically set CORS headers, or can you call the fetch request from your side in such a way as to successfully resolve the toml without me needing to set stuff on my end?

kalepail commented 3 years ago

Actually found a pretty easy way to use Cloudflare Workers to modify pages headers dynamically: https://developers.cloudflare.com/pages/how-to/add-custom-http-headers

Added that and we seem to be golden now. Still seems like something worth looking into on your end if there's anything you can do, but I'll close as my specific issue is resolved.

orbitlens commented 3 years ago

We'll address the CORS problem in the near future. In the recent release, asset metadata is fetched from the StellarExpert API in order to prevent client-side tracking by third parties. After a few more improvements it should work flawlessly in all cases.

FWIW, StellarTomlResolver from the JS StellarSdk (and consequently, most web apps) relies on CORS headers.
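
An added example, not code from this thread or from Albedo: a model of the two sides discussed above, the host adding `Access-Control-Allow-Origin` to the stellar.toml response only, and a simplified version of the browser's CORS check, showing what page script can observe in `cors` and `no-cors` modes. The helper names (`addTomlCors`, `corsCheck`, `fetchOutcome`) and the sample headers are assumptions made for illustration.

```javascript
// Added example; addTomlCors, corsCheck and fetchOutcome are hypothetical helpers.
const TOML_PATH = '/.well-known/stellar.toml';

// Server side: attach the CORS header to the stellar.toml response only.
// The file is public, so a wildcard is fine for this one path; every other
// path is returned unchanged so the wildcard does not spread site-wide.
function addTomlCors(pathname, headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) out[name.toLowerCase()] = value;
  if (pathname === TOML_PATH) {
    out['access-control-allow-origin'] = '*';
    delete out['access-control-allow-credentials']; // never pair '*' with credentials
  }
  return out;
}

// Browser side, simplified: the CORS check applied to a simple GET response.
// Expects lower-cased header names, as produced by addTomlCors.
function corsCheck(pageOrigin, headers, withCredentials = false) {
  const allow = headers['access-control-allow-origin'];
  if (allow === undefined) return false;
  if (!withCredentials) return allow === '*' || allow === pageOrigin;
  // Credentialed requests reject the wildcard and need an explicit opt-in.
  return allow === pageOrigin && headers['access-control-allow-credentials'] === 'true';
}

// What page script can observe for each fetch mode (a 200 from the server is assumed).
function fetchOutcome(mode, pageOrigin, headers) {
  // no-cors: the promise resolves, but the response is opaque and unreadable.
  if (mode === 'no-cors') return { type: 'opaque', status: 0, bodyReadable: false };
  // cors mode with a failed check: fetch() rejects and no body is exposed.
  if (!corsCheck(pageOrigin, headers)) return { type: 'error', status: 0, bodyReadable: false };
  return { type: 'cors', status: 200, bodyReadable: true };
}

// Constructed sample: a static host that sends no CORS headers by default.
const hostDefault = { 'Content-Type': 'text/plain' };
const wallet = 'https://albedo.link';
const unpatched = addTomlCors('/index.html', hostDefault);
const patched = addTomlCors(TOML_PATH, hostDefault);
console.log(fetchOutcome('cors', wallet, unpatched));
console.log(fetchOutcome('no-cors', wallet, unpatched));
console.log(fetchOutcome('cors', wallet, patched));
```

A `no-cors` fetch resolving does not mean the toml was read: the opaque response exposes neither status nor body, which is why a resolver that parses the file needs the header.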