Like #119 (closed) but with the new version (#119 (closed) should be closed imo).
To allow the js client access the API from any site, we have to set Access-Control-Allow-Origin "*" in nginx conf.
But for security reason, we should limit the effect to the API part of the site.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information