I’m trying to create a trello power-up that uses the contents of cards’ attachments. When the user clicks a button, I try to read the attachment by making an XHR to the attachment url on https://trello-attachments.s3.amazonaws.com. The request fails with a CORS error, because there is no Access-Control-Allow-Origin header on the response.
I think it would be reasonable for Trello team to add Access-Control-Allow-Origin: * on the attachments bucket’s CORS settings.
Otherwise, is there any way to read the contents of an attachment from a power-up without having to bounce through my own server?