Build scan Export API is susceptible to cross-origin requests

The build scan Export API allows cross-origin browser requests to consume the event data. An attacker with the ability to execute code in the browser of a user with an active login session could leverage this to access the Export API as that user.