Hello Andreas,
Today I encountered a similar problem, and I struggled to find a solution on the documentation and forums.
I finally managed to fix it by enabling CORS in the /edx/etc/lms.yml config file. Specifically, I changed
CORS_ORIGIN_ALLOW_ALL: true
FEATURES:
…
ENABLE_CORS_HEADERS: true
I assume you can also whitelist your domain by modifying:
CORS_ORIGIN_WHITELIST:
Best
Joan