Steps to reproduce
- look at an File page on commons in chrome with the WikimediaDebug plugin turned on, and pointed at one of the debug servers
- click on 'structured data' tab
- click into the 'items portrayed in this file' input box and type a word
- look in console - you'll see errors like this
Access to XMLHttpRequest at 'https://www.wikidata.org/w/api.php?action=wbsearchentities&format=json&origin=https%3A%2F%2Fcommons.wikimedia.org¢ralauthtoken=5dda404d53fb823bc91d5a3fe132f46d327a41e&search=q&language=en&uselang=en&type=item' from origin 'https://commons.wikimedia.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
This doesn't happen on production servers