Maluen
commented
9 years ago If we can't provide needed functionality without using the CORS-unsupported API, then there are few options:
- Make the server do the calls. This is basically the proxy server they suggested.
- Use a desktop app to do the calls. We could use the capture app, but it isn't intended to do this sort of things and seem a bit of an hack.
- Use a browser extension. I would exclude that since need development for each browser and would be used only to provide this limited feature, moreover there is one more thing that the user must install.
If we don't need to get the response from the API calls, I think we could use auto-submitting forms, images pointing to the URL (google analytics way, only for GET calls), iframes (GET only too) or a mixure of those.
Otherwise, if we have the ability to add a custom script to a freshdesk/desk page, we can call this page by means of an hidden iframe and make the custom script do the calls, this if the page uses same port/protocol/etc of the API endpoint, so that we can bypass CORS restrictions. The script could do the API calls by using any HTTP method.
Moreover, we could then get the response by using HTML 5 Messaging API (postMessage).
In any solution, since calls would be made indirectly, we have to spot for any missing cookie problem.
iorad
I ran into CORS restrictions when creating freshdesk and desk prototype.
Both support emails suggest us run a proxy server. From the Freshdesk support email forwarded from @iorad, I see that their CORS support is WIP, which means we can't rely on that.
@Maluen what do you reckon?