Expand my Community achievements bar.

Getting access-control-allow-origin as * in AEM cloud publisher domain

Avatar

Level 1

we are in process of migration of project from AMS to cloud in AEM.

while security review , we are getting access-control-allow-origin: * , while accessing the content/dam images, which is a high security issue.

we are not setting this in our dispatcher, but we are still getting this.

Do we have any solution for this.

Guessing is it coming from the internal Fastly's CDN?

7 Replies

Avatar

Level 1

No we are not using connected assets.

These are simple assets in publish which we are trying to access via publish domain in cloud and getting access-control-allow-origin: *

Avatar

Community Advisor

Can you share the log snippet from console as well as error log from publisher.

 

Himanshu Jain

Avatar

Level 3

Any solutions for this, to control allowed origins?

Avatar

Community Advisor

Do you have any custom servlet where you are defining the header ? 

 

Thanks

 

Himanshu Jain

Avatar

Level 3

No Servlet changes, its coming automatically on Assets/images.