Install from Web: CORS fails if cookie is not set correctly
Cookie needs to be set with "SameSite=None; Secure" due to new restrictions in Chrome. If it's not then install from web will fail to pull JP login state with CORS. In addition to this it should try to fallback to JSONP if CORS fails to provide an authenticated API response. Set as low priority since site key completely avoids this issue.