Release Notes / Version 12.2412.0
Missing CORS configuration doesn't disable CORS protection anymore
Previously, a missing CORS configuration set allowed-origins to *, which effectively disabled CORS protection. Now a missing configuration results in “same origin policy only”.
For customers with an existing CORS configuration, this change is considered non-breaking.
All customers without a CORS configuration may encounter CORS restrictions, eventually leading to a non-working client. Please review the necessary CORS settings and add them to the CAE configuration properties.
(CMS-25375)
Add Subresource Integrity for CSS and JS links to CAE
Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch are delivered without unexpected manipulation. The CAE supports SRI for JavaScript and CSS files.
All CSS and JS Freemarker templates in the blueprint are prepared and render the integrity hash by default via a new function cm.getIntegrityHash(self).
Example:
<#assign integrityHash="${cm.getIntegrityHash(self)}"/>
(CMS-6352)
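To check that rendered pages carry integrity values a browser will accept, the following added example (not CoreMedia code) recomputes SRI hashes and audits the script and stylesheet tags of a page. The release note does not say which hash algorithm the CAE emits, so the checker accepts sha256, sha384 and sha512; the function names, URLs and file contents are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

STRENGTH = ["sha256", "sha384", "sha512"]  # weakest to strongest, per the SRI spec

def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return '<alg>-<base64 digest>', the format of the integrity attribute."""
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"

def integrity_matches(content: bytes, integrity: str) -> bool:
    """Like a browser: only hashes of the strongest listed algorithm count."""
    tokens = [t.split("?")[0] for t in integrity.split()]  # drop ?options
    known = [t for t in tokens if t.split("-")[0] in STRENGTH]
    if not known:
        return False  # a browser would skip the check; an audit should flag it
    best = max((t.split("-")[0] for t in known), key=STRENGTH.index)
    return sri_hash(content, best) in known

def audit(html: str, resources: dict) -> list:
    """Return (url, problem) for each CSS/JS tag that cannot be verified."""
    findings = []
    class Tags(HTMLParser):
        def handle_starttag(self, tag, attrs):
            a = dict(attrs)
            is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split()
            url = a.get("src") if tag == "script" else a.get("href") if is_css else None
            if not url:
                return
            if not a.get("integrity"):
                findings.append((url, "missing integrity"))
            elif url not in resources:
                findings.append((url, "resource not available"))
            elif not integrity_matches(resources[url], a["integrity"]):
                findings.append((url, "hash mismatch"))
    Tags().feed(html)
    return findings

# Constructed sample: URLs and file contents are made up for illustration.
FILES = {"/js/app.js": b"console.log('ok');", "/css/site.css": b"body{margin:0}"}
PAGE = (f'<script src="/js/app.js" integrity="{sri_hash(FILES["/js/app.js"])}"></script>'
        '<link rel="stylesheet" href="/css/site.css" integrity="sha384-AAAA">'
        '<script src="/js/legacy.js"></script>')

if __name__ == "__main__":
    for url, problem in audit(PAGE, FILES):
        print(f"{url}: {problem}")
```

A "hash mismatch" finding means a browser would refuse to load that resource, so run the audit against the bytes actually served (after any minification or proxy rewriting), not against the source files.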