Cors error while fetching identityObject from code_uri

From my website I’m using the fetch api to get the indentity object from a code_uri returned after the KYC verification process.
When I fetch the IdentityObject from the provider NotaBene I get a cors error. Should I use some particular headers?

To reproduce simply perform a KYC process with NotaBene, obtain a code_uri and from a browser console send the fetch request:


CORS is browser protection together with the Notabene server. You cannot send headers to disable it.

Notabene would need to whitelist your domain for CORS, which it won’t do.

It’s unclear why you would be retrieving identity objects from a browser session.

I’m retrievin g the identity object from the browser because I’m creating a browser wallet

So how is it possible that the concordium browser wallet extension can fetch the identityObject even in localhost?
Is the extension ignoring cors?

Browser extensions run in a different context than normal websites, so they can do more.

This is browser/Chrome behaviour, not something we control.