Hey there,
Freshdesk apps run inside sandboxed iframes, which makes opening external URLs increasingly unreliable due to modern browser security (e.g. Cross‑Origin‑Opener‑Policy).
This issue has already surfaced in the community, for example:
Common approaches like window.open() or <a target="_blank"> are now frequently blocked, especially when target sites enforce stricter security headers. App developers cannot control iframe attributes or access the parent window, so there is currently no supported, future‑proof way to navigate users to external tools.
Many real-world Freshdesk apps depend on external systems (shipping portals, analytics tools, third‑party SaaS backends), and missing a reliable navigation mechanism significantly limits integration capabilities.
The App SDK already provides host‑handled navigation for internal entities (e.g. opening tickets or contacts via interface / click actions), which suggests a similar abstraction could help address this gap without relying on fragile iframe-level behavior.
Providing an officially supported way for apps to request opening external URLs would greatly improve developer experience while remaining aligned with browser security constraints.
I hope this resonates with others,
Thomas