Hi Nester,
My questions are very related to the topic at hand and, although I’m pretty sure it’s a few very tiny things that I’m missing, I too am struggling for answers.
My situation is simple: I have an Express server (Node) that can authenticate and call the Shopify admin API without problems when the process is initiated from a client app sitting on the same domain. When I initiate the oAuth flow from a client app sitting on a different domain (i.e. this client calls my secure server and this server attempts to establish contact with Shopify) then I end up with the CORS error described above.
I believe this is a reasonable (and possibly even popular) architecture and so it must be something simple I’m missing on my end.
Can you confirm if this is possible and - if so - if an example exists that I can study to see where I’m going wrong?
Hein