No CORS header set in dashboard API response headers

I’m trying to make a simple React web app to show node stats by querying the dashboard API. However, my browser gives a CORS error when I make the request:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (Reason: CORS header 'Access-Control-Allow-Origin' missing).

I’m not an expert in this but from what I’ve googled around it looks like the response headers from dashboard API should have “Access-Control-Allow-Origin” set to “*” for this to work.

The API itself works fine, I tested it with a Python script.

Any ideas? Am I doing something wrong here or should I make a suggestion to the devs?

You are correct! This isn’t implemented AFAIK. Ideally we’d allow users to configure CORS and implement the necessary endpoints for the OPTIONS requests. This would be a good thing for a feature request.