I am trying to create a sidebar extension that needs to do API calls into another product, and ideally it would be hosted by contentful.
However apparently no Access-Control-Allow-Origin header is being sent to the iframe that hosts the application, so any attempt to directly call the API gets blocked by the browser as CORS violation.
I have failed to find any way to influence this from contenful configuration side.
Is the only approach for this kind of scenarios to host the App Framework application somewhere else outside contentful, with an additional backend?
Looking at many of the same apps on github it appears some of them managed to perform API calls, while being hosted by contentful (or at least it looks like it).
Searching for documentation on the subject only shows up content from the now deprecated UI Extensions.
Any guidance on how to approach this?
Thanks in advance for any hints.