Release Notes / Version 12.2404
Table Of ContentsHeadless-Server Missing CORS configuration now disabled CORS protection
A missing CORS configuration set allowed-origins to *. Now a missing configuration effectively disabled CORS protection, resulting in a “same origin policy only”.
Follow Section, “Headless-Server Missing CORS configuration now disabled CORS protection” for upgrade information.
(CMS-24249)