I'm not sure what the best way to resolve this issue is, but here are some suggestions:
1) CORS whitelist origins
Manual, tedious, has to be updated for new third-party applications...
2) CORS whitelist all origins
:warning: Bypasses the point of CORS...
3) Host the third-party applications on the same domain as Gondul
Drastically reduces the simplicity of developing against the API
Further thoughts:
Consider whitelisting some other HTTP methods, as well as the Authorization header. GET/HEAD is currently allowed through, but not with Authorization, so only for same-origin requests, where CORS isn't an issue... :D
Over at https://github.com/sklirg/pocket-gondul I require some CORS changes to be able to work with the Gondul API.
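As an added illustration of option 1 and the Authorization-header point in the issue above (not part of the original post and not Gondul's code): a sketch of the CORS decision an API could make with an exact-match origin allowlist. The origin, the method and header sets, and the function name `cors_headers` are assumptions chosen for the example.

```python
# Added example. The allowlist entries and allowed methods/headers are
# constructed values, not Gondul's configuration.
ALLOWED_ORIGINS = {"https://pocket-gondul.example"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
# Authorization must be named explicitly: a "*" in
# Access-Control-Allow-Headers does not cover it.
ALLOWED_HEADERS = {"authorization", "content-type"}


def cors_headers(method, headers, allowed_origins=ALLOWED_ORIGINS):
    """Return (status, response_headers) for the CORS part of a request.

    status is 204 for an accepted preflight, 403 for a refused preflight,
    and None when the request should continue to the normal handler.
    """
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    # Vary: Origin keeps caches from serving one origin's answer to another.
    out = {"Vary": "Origin"}
    is_preflight = method == "OPTIONS" and "access-control-request-method" in h

    if origin is None:
        return None, out  # same-origin or non-browser client
    if origin not in allowed_origins:  # exact match, no suffix/substring tests
        return (403 if is_preflight else None), out

    # Echo the vetted origin instead of sending "*".
    out["Access-Control-Allow-Origin"] = origin
    if not is_preflight:
        return None, out

    want_method = h["access-control-request-method"].upper()
    raw = h.get("access-control-request-headers", "")
    want_headers = {x.strip().lower() for x in raw.split(",") if x.strip()}
    if want_method not in ALLOWED_METHODS or not want_headers <= ALLOWED_HEADERS:
        return 403, {"Vary": "Origin"}

    out["Access-Control-Allow-Methods"] = ", ".join(sorted(ALLOWED_METHODS))
    out["Access-Control-Allow-Headers"] = ", ".join(sorted(ALLOWED_HEADERS))
    out["Access-Control-Max-Age"] = "600"
    return 204, out
```

A browser sending `Authorization` cross-origin always preflights first, so the `OPTIONS` branch is the one that decides whether a third-party client can authenticate at all.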