BUG: "Open in StackBlitz” button broken by CORS

[coder0107git]

Describe the bug
When the "Open in StackBlitz" button is requested with CORS (i.e. <img crossorigin="anonymous" ...>), it isn't loaded.

To Reproduce
Steps to reproduce the behavior:

1. Run the following HTML

<!-- Broken badge -->
<img alt="Open in StackBlitz" 
     crossorigin="anonymous" 
     src="https://developer.stackblitz.com/img/open_in_stackblitz_small.svg">

<!-- Working badge-->
<img alt="Open in StackBlitz"  
     src="https://developer.stackblitz.com/img/open_in_stackblitz_small.svg">

2. Open the DevTools Console tab
3. See error

Expected behavior
For the image to load.

Screenshots

Desktop:

• OS: Windows
• Browser: Chrome
• Version: 126

Additional context

• crossorigin="anonymous" on MDN
• Access-Control-Allow-Origin on MDN
• MDN's description of this error
• badges/shields#3273

[coder0107git]

A potential fix for this would be to add the following to netlify.toml.

[[headers]]
  for = "/img/*"
  [headers.values]
    Cross-Origin-Resource-Policy = "cross-origin"
+   Access-Control-Allow-Origin = "*"

[coder0107git]

Would submitting a PR with the suggested changes be helpful?

[samdenty]

Sure @coder0107git

[coder0107git]

Filed PR (#229)

[coder0107git]

@samdenty or @sulco Any chance #229 will be reviewed soon?