make the API CORS compliant
because it should be queried from anywhere.
We should limit this "opening" to API URL only.
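
One way to scope the opening to the API, as an added example that is not part of the original issue or the project's code: a WSGI middleware that attaches CORS headers only under an API prefix and answers preflights there. The `/api/` prefix, the allowed methods and headers, and the names `ApiOnlyCors`, `demo_app` and `probe` are assumptions made for illustration.

```python
# Added example: open CORS for the API prefix only, leave every other route untouched.
API_PREFIX = "/api/"  # assumed prefix; substitute the real API base path
CORS_HEADERS = [
    # Wildcard origin for a public API; never pair it with Access-Control-Allow-Credentials.
    ("Access-Control-Allow-Origin", "*"),
    ("Access-Control-Allow-Methods", "GET, POST, OPTIONS"),            # assumed
    ("Access-Control-Allow-Headers", "Content-Type, Authorization"),   # assumed
    ("Access-Control-Max-Age", "600"),
]

class ApiOnlyCors:
    def __init__(self, app, prefix=API_PREFIX):
        self.app = app
        self.prefix = prefix

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not path.startswith(self.prefix):
            # Non-API routes (UI, admin, login) stay under the same-origin policy.
            return self.app(environ, start_response)
        if (environ.get("REQUEST_METHOD") == "OPTIONS"
                and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ):
            # CORS preflight: answer here, do not reach the application.
            start_response("204 No Content", CORS_HEADERS + [("Content-Length", "0")])
            return [b""]

        def cors_start(status, headers, exc_info=None):
            # Drop any CORS headers the app set so the policy lives in one place.
            kept = [(k, v) for k, v in headers
                    if not k.lower().startswith("access-control-")]
            return start_response(status, kept + CORS_HEADERS, exc_info)
        return self.app(environ, cors_start)

def demo_app(environ, start_response):
    # Stand-in application for the constructed requests below.
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b"{}"]

def probe(method, path, preflight=False):
    """Send one constructed request through the middleware; return (status, headers)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if preflight:
        environ["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] = "POST"
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(ApiOnlyCors(demo_app)(environ, start_response))
    return seen["status"], seen["headers"]
```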