If you want to use the Stormworks HTTP API in this Lua IDE you have two choices:
NOTE: Both options end up in the same result, it is your choice: either be lazy and use option A or have full control over CORS Headers and go with option B. In case you are paranoid, you will probably prefer option B.
I created a special browser extension that adds those CORS Headers to the HTTP requests automatically, even if your webserver does not provide any CORS Headers.
This happens only for https://lua.flaffipony.rocks and does not effect other websites!
The browser extension is available for Firefox and Chrome (they do exactly the same and have the same code)
Depending on the webserver you are using, the approach is different. I offer you example implementations for the the systems i have sufficient experience.
Use the simple cors package from npm https://www.npmjs.com/package/cors
In your app.js or index.js you can configure cors to only allow https://lua.flaffipony.rocks