If you are setting up your own Movim pod and and getting errors like

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

on uploading files you probably have Movim running on movim.yourdomain.tld and ejabberd http_upload on yourdomain.tld. You have to enable CORS for ejabberd:

   mod_http_upload:
     custom_headers:
       "Access-Control-Allow-Origin": "*"
       "Access-Control-Allow-Methods": "GET, POST, PUT, OPTIONS, DELETE"
       "Access-Control-Allow-Headers": "Content-Type, Origin, X-Requested-With"

This will allow you to use http_upload on another domain on your Movim pod.

UPD: It won't work for upload.yourdomain.tld. See https://github.com/processone/ejabberd/issues/1482