Read attachment from power-up - CORS on trello-attachments bucket

I’m trying to create a trello power-up that uses the contents of cards’ attachments. When the user clicks a button, I try to read the attachment by making an XHR to the attachment url on https://trello-attachments.s3.amazonaws.com. The request fails with a CORS error, because there is no Access-Control-Allow-Origin header on the response.

I think it would be reasonable for Trello team to add Access-Control-Allow-Origin: * on the attachments bucket’s CORS settings.

Otherwise, is there any way to read the contents of an attachment from a power-up without having to bounce through my own server?

Currently, there is no other way.

We are likely making changes to this sometime in the future, but I don’t have a timeline on the changes yet. As soon as I do, I’ll share more on the changelog board:(https://trello.com/b/dQHqCohZ/trello-platform-changelog) which will cross-post here.