package upload fail on SVG with scripts

hicetnunc now uses the package during the minting process.
Uploading a normal SVG works fine.
Uploading an SVG with embedded <script> tags fails with a CORS error:

Access to fetch at ''; from origin ''; has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Does anyone know why this might be? Is there a sanitizer on the upload script that doesn’t like scripts in the SVG files?

Looks like CORS error connecting to through the browser · Issue #175 · ipfs-shipyard/ · GitHub