Huh. On staging I get a different error, which makes it sound like CORS *is* configured correctly for prod but not for staging.

"Failed to load https://chromium.googlesource.com/chromium/src/+log/54794b55e781258bde11a417eaa69f8c69c08671%5E..e63928b653566bc6c3bfc9a5157d32fe74055db1?format=JSON: The 'Access-Control-Allow-Origin' header has a value 'https://sheriff-o-matic.appspot.com' that is not equal to the supplied origin. Origin 'https://sheriff-o-matic-staging.appspot.com' is therefore not allowed access. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

I don't see this problem on prod any more.