Access to XMLHttpRequest at 'http://127.0.0.1:8000/' from origin 'https://musicbrainz.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
This can be resolved by the browser integration by setting a Access-Control-Allow-Origin response header.
While the current integration does not require this (the browser integration is just a link), having this supported would allow more flexibility for the future. E.g. the website could check if Picard is available, as I have prototyped with a user script.
We should consider restricting the possible origin hosts to accept.