@kitori It looks like Dashboard sets Access-Control-Allow-Origin to '*' which according to Google SHOULD mean everywhere, but for some reason isn't. Anybody have any idea why, does this header need to be explicit in certain cases or something like that?
Anyway, I think you might be on to something. I've configured Traefik to overwrite the header with my explicit URL. Now let's wait and see...
The only thing I can think of immediately is that maybe browsers or the proxy are ignoring it since I don't believe it is considered good practice? It rather negates the reasons for using CORS in the first place doesn't it?
Maybe you are hitting something I came across recently as well? That Socket.IO has its own header handling. Perhaps it is Socket.IO connections that have problems?
I think probably the immediate cause is not important. The solution is to catch all failure modes on connection and force a full page reload, there are one or two situations where this does not happen. I can probably implement that but not for a couple of weeks due to pressure of other stuff.