Read attachment from power-up - CORS on trello-attachments bucket

I’m trying to create a trello power-up that uses the contents of cards’ attachments. When the user clicks a button, I try to read the attachment by making an XHR to the attachment url on The request fails with a CORS error, because there is no Access-Control-Allow-Origin header on the response.

I think it would be reasonable for Trello team to add Access-Control-Allow-Origin: * on the attachments bucket’s CORS settings.

Otherwise, is there any way to read the contents of an attachment from a power-up without having to bounce through my own server?

1 Like

Currently, there is no other way.

We are likely making changes to this sometime in the future, but I don’t have a timeline on the changes yet. As soon as I do, I’ll share more on the changelog board:( which will cross-post here.

1 Like

@bentley I was wandering if anything changed regarding the matter since January. Being able to process the attached files would be most appreciated.

No, nothing has changed.

Hi @bentley!

We faced with the same problem in Planyway. Do you have any updates on this?