Avatar

Level 4

Hi
The answer should be focus on CORs policy update
Best practice will be white list all the domain the application/web is using (its good for content security)

 

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Access-Control-Allow-Origin: https://foo.example