[Bug/Feature Request] null origin in request headers leading to CORs failure

[colindunn109]

We are trying to render a PDF using a URL we fetch from the BE. These are retrieval URLs that are signed with a token that redirect us to the S3 resource that stores the actual document.
IE

http://localhost:9000/documents/retrieve?token=SOME_TOKEN

This endpoint lives on the 9000 host, but our app is being hosted on the 8000 host.
What this means that after we forward cookies in order to allow the initial BE request to pass, we are hit with a CORs policy failure due to our S3 bucket allowed_origins being set to *.

Error message:

Access to fetch at 'https://some-s3-instance/bucket_id/resouce_and_query_params' (redirected from 'http://localhost:9000/documents/retrieve/?token=SOME_TOKEN') from origin 'http://localhost:8000' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

We can likely get around this by changing our BE. But was wondering if there was a way, OR if we could open a PR to allow for the forwarding of a specific origin. I believe bc the origin is set to null bc this 3rd party library is making the network request is causing us to get hit by the CORs policy. I believe if we are able to set same-origin the CORs policy should pass.

Thank you!