It seems there was a recent change in the validation of the allowed_origins, both when used through API (using a0deploy) and through the dashboard. The change prevents using chrome-extension:// as scheme, which is required when logging in through a chrome extension, and was working just fine until now.
I updated that field without the chrome-extension:// value to test that that was indeed the issue and now my live chrome extension is broken !
Please revert that change! Any scheme should be valid in that field!