CORS error on spec-compliant browsers like Firefox and potentially Safari

[MaybeThisIsRu]

I am using the node-fetch library to make a GET request to the following URL:

https://webmention.io/api/mentions.jf2?domain=example.com&token=token_example

On Firefox, I can see the following in my console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://webmention.io/api/mentions.jf2?domain=example.com&token=token_example. (Reason: CORS request did not succeed).

On trying to look around the web, I have a solitary article from Jeremy Wynn here, if it helps. As per their article, the issue is only observed on Safari and Firefox, and perhaps has something to do with how Firefox and Safari are making a preflight request and getting an invalid preflight response, thereby not proceeding with the actual request-response cycle.

Edit

Some more findings below:
CORS-specification compliant browsers will send an OPTIONS request before making the actual CORS request. I investigated controller.rb briefly and it seems this service uses Sinatra. I'm not proficient at all in Ruby so I hope it isn't a misreading.

Others have fixed their problems by using a CORS plugin for Sinatra, such as, sinatra-cross_origin. Resources linked below, in case they are of any assistance:

• https://medium.com/addval-labs/adding-cors-configuration-to-a-sinatra-app-1ed426e2c028
• https://github.com/britg/sinatra-cross_origin/#responding-to-options
• Doesn't appear to properly respond to OPTIONS request britg/sinatra-cross_origin#18

Library and browser versions as follows:

• node-fetch: 2.6.0
• Firefox on Ubuntu 19.10: 75.0 (64-bit)
• Chrome on Ubuntu 19.10: 81.0.4044.113 (Official Build) (64-bit)

[friedger]

jsonp option should help you (https://github.com/aaronpk/webmention.io#jsonp)

[aaronpk]

Closing in favor of #192