Please add X-Hasura-Role to the list of allowed CORS headers.

We are working around this problem by placing the service used for file upload and hasura-storage behind an nginx reverse proxy.

I searched for similar issues, but It looks like most other examples of usage either set the x-hasura-admin-secret, or set the x-hasura-default-role to the desired role. Our usage of hasura is to get a JWT with a list of roles and a default set, then select the role by setting the X-Hasura-Role in the request headers.

Sounds good, if you want to open a PR yourself that'd be appreciated, otherwise, I will try to get to it as soon as possible.