Controlling CORS on a static website

Any way to control CORS on a static website, especially one with a custom domain? I’d like to let some external iframes run on my site. Do I have to turn my static site into an Express app or something?

Hm…that’s a really interesting question. I’m not aware of any way to do CORS configuration within having some control over headers/the server.
I think you’re going to have to turn it into an express app – the good news is, if you haven’t seen it already, the hello-express project is a great starting point!