upgrade from hydrogen 1.3.2 to 1.6.1 shows CORS error when calling storefront API

[yangcheng]

HI
I have a working hydrogen site that was using hydrogen 1.3.2, when I upgrade to 1.6.1 by simply change the dependency in package.json, I start to get CORS errors when calling storefront API, [not admin apis]

Access to fetch at 'https://<storename>.myshopify.com/api/2022-07/graphql.json' from origin 'https://<pr>-staging.workers.dev' has been blocked by CORS policy: Request header field baggage is not allowed by Access-Control-Allow-Headers in preflight response.

is there a place I can control the CORS allowed list?
Thanks

[frehner]

Do you have a reproduction of this, for example using https://hydrogen.new ?

[yangcheng]

I go a reply from discord support channel, mentioned that some other errors will surface as CORS. I fixed other issues and It's working now. Thanks! Probably due to 1.6.3 supports private token and rate limiting