I’m not too studied-up on CORS, but I know what it’s there for. Currently there’s a number of things that are not possible to do because our generator is on a different subdomain than other generators or iframes, etc. etc. and even the top-level page we’re actually on.
With that allowed (I think CORS can allow this), there’s a lot more customisation we can do of things like t2i image iframes and gallery iframes, reading/changing the top-level url, etc. Maybe that’s something you don’t want to allow, but I for one have wanted to do these things for completely benign legit reasons multiple times.
👍