no CORS header for streaming API
Created by: rvantonder
No CORS header is set for streaming API, in particular, lack of Access-Control-Allow-Origin means browser requests from domains other than sourcegraph.com are blocked. Here's where most of our streaming headers are set:
I think it makes sense to support for other web apps to use (related to https://github.com/sourcegraph/sourcegraph/issues/18847. I'm not sure whether we confirmed that we allow GQL requests from other origins since that was posted though--I'll see if I can confirm)