hicetnunc now uses the nft.storage package during the minting process.
Uploading a normal SVG works fine.
Uploading an SVG with embedded <script> tags fails with a CORS error:
Access to fetch at 'https://api.nft.storage/upload'; from origin 'https://hicetnunc.xyz'; has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Does anyone know why this might be? Is there a sanitizer on the upload script that doesn’t like scripts in the SVG files?