Not sure if this could be cleavr nginx configuration issue or I have some problem no one can answer on forums 
Anyway, I keep getting:
Access to XMLHttpRequest at 'https://dev.my-domain.app/storage/files/DWvHfglNXOlppAVv77fhQAz6fcfzDOz8klZF58Yc.png' from origin 'https://user-1.dev.my-domain.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Now I tried:
Editing cors.php config with clearing the config cache:
return [
'paths' => ['*'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => ['*'],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
];
I tried hard coding it in bootstrap/app.php:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With,Authorization, Content-Type, Accept');
I tried adding it to site nginx config:
location /storage/ {
add_header Access-Control-Allow-Origin *;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
Or even directly under including cleavr-conf outside of location.
But seems like nothing works, could it be that cleavr is blocking these somehow or do you know something else? @amiedema