It appears that the allowed origins has changed, and I can no longer make cross origin requests through my website. When making a request, web browsers do a pre-flight OPTIONS with the following headers:

OPTIONS /segments.json?agencies=395 HTTP/1.1
Host: transloc-api-1-2.p.mashape.com
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-mashape-key
Origin: https://montclair.line72.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

This previously succeeded. The origin was accepted and the response came back with the Access-Control-Allow-Origin header. However, recently, this has stopped working, and only appears to work for a limited set of domains (origins). Through my testing, I have found the following origins are allowed:

• localhost:3000
• market.mashape.com

Will this be opened back up to allow all origins? Without this, my web app cannot support the transloc api any more.

Thank you in advance.