Multiple cors origins on hosted discourse?

So, as far as I can tell, all requests are coming through correctly. Here are the ones from discourse.org:

And these are from our https://community.transloadit.com server:

There are no errors in the console (that relate to discourse, or would stop javascript execution):

Yet I keep seeing that “Error Embedding” message when testing locally. From the server side, I have configured these four allowed embedding hosts:

… as well as enabled these CORS origins:

which according to these instructions are the common things that go wrong.

I’m sure I’m doing something silly but since there’s no error I’m unsure how to debug this further. Would you have clues?