Yeah, I am not sure it is a CORS error, though that wouldn't surprise me. This looks to be an error from our API Gateway validation rules (which, at least for us, is notoriously difficult to get to send any more error data to the client)... that is to say, this will typically occur when one of the form or query string params is sending illegal data. I tried to repro last night w/ no luck. This sort of error isn't in the error logs (that we typically monitor)...