Messenger widget 403 CORS in Next.js dev server

Embedding the CXone Messenger widget in a Next.js 13.5 app. Works fine on the prod build, but the dev server gets blocked immediately by a 403 Forbidden on the POST to /api/v2/digital/messaging/messages. The browser console screams Access-Control-Allow-Origin missing.

Fetch API cannot load https://api.mypurecloud.com/api/v2/digital/messaging/messages. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The token is valid. The payload is standard JSON. Why is the dev environment treating this as a cross-origin violation when the prod build doesn’t?
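What the console error above is reporting, as an added example that is not part of the original post: a simplified JavaScript version of the checks a browser runs on the preflight (OPTIONS) response before it will send the real POST. The origins `http://localhost:3000` and `https://app.example.com` and all response headers are constructed assumptions, not values returned by the real API.

```javascript
// Simplified form of the checks a browser applies to a CORS preflight response
// (Fetch standard). Added illustration; all requests and responses are constructed.
function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

  // 1. CORS check: Access-Control-Allow-Origin must be "*" or the exact origin.
  const acao = h["access-control-allow-origin"];
  if (acao === undefined) return "blocked: no Access-Control-Allow-Origin header";
  if (req.credentials) {
    if (acao === "*") return "blocked: wildcard origin with credentials";
    if (h["access-control-allow-credentials"] !== "true") return "blocked: credentials not allowed";
  }
  if (acao !== "*" && acao !== req.origin) return `blocked: allowed origin ${acao} does not match ${req.origin}`;

  // 2. The preflight response itself must have an ok status (200-299).
  if (res.status < 200 || res.status > 299) return `blocked: preflight status ${res.status}`;

  // 3. GET, HEAD and POST need no listing; any other method must be allowed.
  const methods = list(h["access-control-allow-methods"]);
  const m = req.method.toLowerCase();
  const anyMethod = methods.includes("*") && !req.credentials;
  if (!["get", "head", "post"].includes(m) && !methods.includes(m) && !anyMethod) return `blocked: method ${req.method} not allowed`;

  // 4. Every non-safelisted request header must be allowed; "*" never covers Authorization.
  const allowed = list(h["access-control-allow-headers"]);
  const anyHeader = allowed.includes("*") && !req.credentials;
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    if (allowed.includes(name) || (anyHeader && name !== "authorization")) continue;
    return `blocked: request header ${name} not allowed`;
  }
  return "allowed";
}

// Constructed samples: a JSON POST with a bearer token, as in the post above.
const request = { method: "POST", headers: ["authorization", "content-type"], credentials: false };
const noCorsHeaders = { status: 403, headers: {} }; // matches the reported 403
const oneOriginAllowed = { status: 204, headers: { // hypothetical allow-list response
  "Access-Control-Allow-Origin": "https://app.example.com",
  "Access-Control-Allow-Methods": "POST",
  "Access-Control-Allow-Headers": "Authorization, Content-Type" } };

function runSamples() {
  const dev = { ...request, origin: "http://localhost:3000" };
  const prod = { ...request, origin: "https://app.example.com" };
  return { devNoHeaders: checkPreflight(dev, noCorsHeaders),
           prodAllowed: checkPreflight(prod, oneOriginAllowed),
           devOtherOrigin: checkPreflight(dev, oneOriginAllowed) };
}
console.log(runSamples());
```

Comparing the `Origin` request header and the response headers of the OPTIONS exchange in the browser's Network tab for the dev and prod builds shows which of these branches each one takes.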