Adobe Experience Manager Sites & More

mukeshsingh · 3/27/22

we are in process of migration of project from AMS to cloud in AEM.

while security review , we are getting access-control-allow-origin: * , while accessing the content/dam images, which is a high security issue.

we are not setting this in our dispatcher, but we are still getting this.

Do we have any solution for this.

Guessing is it coming from the internal Fastly's CDN?

Himanshu_Jain · 3/27/22

Are you using connected assets ? If yes then take a look

Himanshu Jain

mukeshsingh · 3/28/22

No we are not using connected assets.

These are simple assets in publish which we are trying to access via publish domain in cloud and getting access-control-allow-origin: *

Himanshu_Jain · 3/28/22

Can you share the log snippet from console as well as error log from publisher.

Himanshu Jain

rkmk107 · 2/29/24

Any solutions for this, to control allowed origins?

Himanshu_Jain · 3/4/24

Do you have any custom servlet where you are defining the header ?

Thanks

Himanshu Jain

rkmk107 · 3/4/24

No Servlet changes, its coming automatically on Assets/images.

Himanshu_Jain · 3/5/24

Check /clientheader config in aem dispatcher .

Thanks

Himanshu Jain

Getting access-control-allow-origin as * in AEM cloud publisher domain