We already have an Access-Control-Allow-Origin: * header and this should be enough for most browsers, i.e. we don't put any special prohibitions.

We have recommending npm packages that can help bypass CORS restrictions during development. For example http-proxy-middleware (This package allows you to easily create a proxy server that can redirect requests to the API and add CORS headers to them) or cors-anywhere (This package allows you to create a Node.js proxy that adds CORS headers to requests. But it cannot be used in production).

If proxy server configuration will not be available in your environment. In such cases, one solution may be to use external proxying services that can add CORS headers to your requests without having to configure your own proxy server.

Maybe this will help you:

• Cloudflare Workers: a service that allows you to run server-side code at the edge of the Cloudflare network. You can create a Worker that acts as a proxy by adding CORS headers to requests to your API.

• CORS Anywhere Web Version, or analogs. These services can be limited in terms of performance and security, so they should only be used for development and testing.

Example of using an external service: Suppose you are using an external proxy service to add CORS headers. You would need to change the request URL in your AppGyver or SAP Build application so that it is first routed to the proxy, and then the proxy redirects the request to your API. For example, instead of going directly to https://gate.whapi.cloud/groups?GroupID=..., the request goes through https://your-proxy.com/https://gate.whapi.cloud/groups?GroupID=..., where https://your-proxy.com/ is your proxy that adds the CORS headers.