I created my own service to generate a JWT for WeatherKit. When I use this JWT in Postman it works as expected.
However, if I use it in my React application I get a 403 CORS pre-flight check error. What this essentially means is by nature, Safari - before doing the GET call with Authorization header - it does a preflight check OPTIONS call without headers, to check if the service will accept the request. Unfortunately this generates a 403 error instead of an 200, so the GET Call with Authorization header cannot be made.
Is this by design to prevent webfrontends from accessing the API or is this a bug I encountered? Thank you!