Calling external API from forge app - CORS issue and is that "from URL" changing?

Hi guys,
I’m new at Forge apps and I’m creating this app that will call an endpoint to retrieve data.
I’m facing a CORS issue but I’m not sure what is the right URL to add in my server whitelist.
When I check the logs with the CORS issue I can see the following from URL https://[uuid].cdn.prod.atlassian.net

So, I have a few questions:

  1. What is this uuid? Is that changing? It will be a different value for every confluence instance that has the app installed?
  2. Is there a best practice to deal with those CORS issues? For example, should I do the request from the frontend resource or from the backend with the fetch from @forge/api?

I would like to avoid using wildcard for the uuid like that *.cdn.prod.atlassian.net, I wonder if there is another way to do it.

Best,
Joao

@JoaoVS,

The following addresses IP addresses and domains for allow listing like CORS:

Outgoing connections from forge apps dont come from those IP addresses, I have whitelisted everything there and still gets blocked.