When developing web in localhost, I'm running `http://localhost:3000/comm` in browser, but the web app reaches keyserver using IP address: `http://xx.xx.xx.xx:3000` so e.g. uploaded media are fetched with the following URI: `http://IP_ADDR:3000/comm/upload/86797/7f9059dc4458e215`
This works for `<img src="uri">` but not for `fetch()` (used for encrypted media) where it fails with CORS error: `No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin http://localhost:3000 is therefore not allowed access`.
Added CORS header for development only that adds `localhost` to allowed origins. This affects only the `upload` endpoint.
This shouldn't affect production, as it is the same origin: `web.comm.app`