The problem
We have an internal website (let's call it error-viewer) for triaging errors in a particular service. We want to integrate this website with Maniphest by adding the ability to associate a Maniphest task with each error. We'd like this to be possible without ever having to leave error-viewer. We plan to do this by using the Conduit API.
Problem: error-viewer is hosted on production machines in a far-away datacenter. Our Phabricator instance is hosted on a machine in our office and on our local network. This makes it hard for error-viewer to talk to our Phabricator instance.
Suggested solution
Provide a way - through Phabricator configuration - to add "Access-Control-Allow-Origin: http://www.user-specified-domain.com" headers to every Conduit API response. That way we can make requests to our Phabricator instance from the browser. We'll add JS logic on error-viewer pages to create/edit Maniphest tasks by making cross-origin requests to our Phabricator instance on the local network.
Notes
Our setup feels hacky, I know. But it will get us what we want, and I maintain that CORS support in general is a reasonable feature request. Suggestions are welcome.
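A sketch of how a server could emit the requested header only for configured origins, added here as an example; it is not part of the original request and not Phabricator code. `ALLOWED_ORIGINS`, `normalizeOrigin` and `corsHeadersFor` are hypothetical names, and the allowed method (`POST`) and request header (`Content-Type`) are assumptions about what the error-viewer page would send.

```javascript
// Hypothetical stand-in for the configuration value the request proposes.
// The single entry is the example origin from the request text.
const ALLOWED_ORIGINS = new Set(["http://www.user-specified-domain.com"]);

// Return the Origin header value if it is a well-formed http(s) origin
// (scheme://host[:port], nothing else), otherwise null.
function normalizeOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch (e) {
    return null; // not a URL at all, e.g. the literal string "null"
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // Anything with a path, query, credentials, mixed case or a redundant
  // default port fails this strict comparison.
  return url.origin === value ? value : null;
}

// Build the CORS response headers for one request.
function corsHeadersFor(method, originHeader, allowed = ALLOWED_ORIGINS) {
  // Always vary on Origin so a cache never replays one origin's answer
  // to a different origin.
  const headers = { "Vary": "Origin" };
  const origin = normalizeOrigin(originHeader);
  // Exact set membership: no prefix, suffix or regex matching, no "*".
  if (origin === null || !allowed.has(origin)) return headers;
  headers["Access-Control-Allow-Origin"] = origin;
  if (method === "OPTIONS") {
    // Preflight answer; values are assumptions for this example.
    headers["Access-Control-Allow-Methods"] = "POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}
```

A response without `Access-Control-Allow-Origin` is simply unreadable to the calling page, so origins outside the configured set are denied by default.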