From b90996f56e780ead0d7c5e4bb46c093810a6e330 Mon Sep 17 00:00:00 2001
From: jdolle <1841898+jdolle@users.noreply.github.com>
Date: Thu, 2 Jan 2025 13:03:13 -0800
Subject: [PATCH] docs: Mention CORS requirement in preflight script docs
 (#6253)

---
 .../pages/docs/dashboard/laboratory/preflight-scripts.mdx | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/packages/web/docs/src/pages/docs/dashboard/laboratory/preflight-scripts.mdx b/packages/web/docs/src/pages/docs/dashboard/laboratory/preflight-scripts.mdx
index 19d114a5d..8768c1289 100644
--- a/packages/web/docs/src/pages/docs/dashboard/laboratory/preflight-scripts.mdx
+++ b/packages/web/docs/src/pages/docs/dashboard/laboratory/preflight-scripts.mdx
@@ -112,3 +112,11 @@ curly braces, for example:
 This will replace `{{access_token}}` with the value of the `access_token` environment variable.
 
 <Screenshot>![](./headers.png)</Screenshot>
+
+## CORS
+
+<Callout type="warning">
+  **Note**: Preflight scripts are ran inside an iframe and due to how browsers have implemented this
+  feature, the "Origin" header will be `"null"`. If you encounter a CORS error, try whitelisting the
+  origin `"null"`. This is not recommended for production environments.
+</Callout>