I have a Javascript application that stores it's data on the user's OneDrive or Sharepoint and it works absolutely fine for choosing a save location and storing the files but I can't retrieve them because the "Download a file" endpoint ( as documented here ) returns a 302 redirect to a URL that does not have any Access-Control-Allow-Origin options set so the moment I try to retrieve it I get a CORS error. More detail on my situation in this StackOverflow question.
As full applications in Javascript become more ubiquitous, forcing a full redirect is going to be increasingly untenable and at it's most basic this would be a case of adding an Allow-Access-Control-Origin header to the 302 response.