Yes, but why is the CORS required in the first place?
Freshworks products are maintained and hosted by Freshworks. The app developer provides the Freshworks app source code that renders within the Freshworks product.
Then, how is this app rendered within Freshworks products?
The answer is iframes. The iframe is an HTML element with its rendering context and helps to create a sandbox. The Freshworks apps are loaded with a CDN domain d3h0owdjgzys62.cloudfront.net.
Making an API request from Freshworks apps is common for most business use cases. When making an API request, the browser will deny the request with an error since the domain of the API request destination is different from the app's frame domain. The browser by default applies the same-origin policy to API requests for security measure. To prevent it for the Freshworks app as they are rendered with a different domain, the CORS behaviour has to be applied to access resources from other domains including your own API servers and any third-party API services.
To enable CORS behavior for your API requests, the domain of the Freshworks app source has to be added to the "Access-Control-Allow-Origin" response header to the API services. This domain allowlisting may only sometimes be possible as the app developer would only own some of the API services that the app connects with.
Now, come to a way to overcome this
Freshworks has Request Method feature that acts as a proxy service to avoid the issues and requirements for CORS.
With the Request Method, the API request from the Freshworks apps is sent to the destination API through the Freshworks platform. Since the API requests are not sent directly by the browser, the restriction of cross-domain resource access is not applicable and avoided.