Release Notes / Version 12.2401
Table Of ContentsMissing CORS configuration don't disable CORS protection anymore
A missing CORS configuration set allowed-origins to *. Now a missing configuration effectively disabled CORS protection, resulting in a “same origin policy only”.
For customer with an existing CORS configuration, this change is considered as non-breaking.
All customers without a CORS configuration will encounter potential CORS restrictions eventually leading to a non working client. Please review the necessary CORS settings and add them to CAE configuration properties.
(CMS-25375)