ok, I'm too stupid - I have two local rails apps, one running on 127.0.0.1:3000, and the other on 127.0.0.1:3001. From 127.0.0.1:3001 I want to do a fetch("http://127.0.0.1:3000/api/somethings.json") in JS.
At the moment I get "Origin http://127.0.0.1:3001 is not allowed by Access-Control-Allow-Origin"
where do I have to add what to add this? my attempts at modifying config/initializers/content_security_policy.rb failed, as did my try to call `content_security_policy false` in the ApplicationController