Often one of the blockers to onboarding new clients onto an API is the fact that Cross-origin resource sharing (CORS) is not enabled; therefore it hinders developing any client side applications that run in browsers.
If you are not familiar with Cross-origin resource sharing (CORS) then it is a specification that permits cross-domain requests from one domain to another domain via a browser e.g. http://example.com can’t request resources from http://mendeley.com unless CORS is enabled on the server.
After some consideration we went ahead and enabled CORS and added support for OAuth 2.0 Implicit Grant Flow.
So what does this mean exactly?
In essence this means there is no longer any limitations for creating browser-based client-side web applications using the Mendeley API. You should be good to go.
As we have stated previously we are currently working on improving the documentation so until then if you have questions on CORS and the Implicit Grant Flow then please email us at firstname.lastname@example.org