Release Notes / Version 11.2304
Table Of Contents
The former basic CORS support which implemented an "allow all origins" policy in CaasConfig was replaced by a fully configurable implementation. See the deployment manual about how to configure CORS on headless (properties
caas.cors.*
).
The default CORS configuration now sets its own installation host as the only allowed origin. As a consequence, existing client applications might break and require additional configuration.
(CMS-21831)