How to Share Data Between JS Apps on Different Domains Without CORS?

One possible solution is to build your own backend that acts as a proxy. It would handle requests and add the necessary CORS headers to allow data exchange. However, based on the rules you're working within, it sounds like that's not an option for you since everything needs to be done client-side without a proxy server.

Another approach could be using the postMessage method. It’s primarily meant for sending data between different browser windows or iframes, but it might fit the bill depending on how your apps are structured.

You could potentially leverage the same-origin policy if both apps share a common parent domain. If app A and app B are hosted on subdomains of the same parent domain, you could set document.domain to the parent domain, but be careful as this method is deprecated and may not work in all cases.

You could also look into other iframe tricks to pass data between contexts, but those aren’t the cleanest solutions either. Generally, CORS is implemented for a reason, and working without it can be tricky!

Have you considered using JSONP? If the backend supports it, it can work around CORS limitations. JSONP allows you to fetch data by injecting a script tag into your page that points to the API. Make sure the API responds with the correct content type.

If the backend doesn't support JSONP or you can't change server settings, your options are definitely limited. You might also explore using iframes, though it can be pretty hacky.