Thanks for this message about security. Totally agree.
However if there is no way to avoid CORS errors when making POST requests to a webhook from another domain in the browser (that is not localhost), then my app isn’t really usable 
I have setup my own proxy as there is no other solution for now from what I read online. It’s working fine 