Hello,
Yes, indeed, the CORS setup is to be done on your own API, to let it know it can accept requests from domain app.forestadmin.com
Sorry but actually the CORS documentation that I was thinking about only concerns Ruby on Rails.
If you are using express, the config in your API would look something like this:
const express = require('express')
const cors = require('cors')
const app = express()
app.use(cors({
origin: [
'https://your.app.domain.com/*',
'https://app.forestadmin.com/*'
],
}));
Guide
You may need to adapt the configuration to your own use case and libraries
If you still encounter CORS errors in your browser, check in your dev tools which URL triggered them and consider adding them to your CORS exceptions.
Note: ensure that your own frontend will still be able to access your app !!!