Remove CORS from _cmsinternal

For debugging purposes we would like to call the from a local frontend project.

This gives CORS related issues.

Below the hst:clientname/hst:hosts configuration On the hst:root (primary hst:mount) we have configured the response headers:
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

Apparently this doesn’t apply to _cmsinternal. Any suggestions/clues/tips?

Thank you.

That endpoint is added to the site mount dynamically i believe. I don’t think it’s meant to be accessed outside with a cors request. (perhaps other people can elaborate on this)

Maybe it’s an option to create a specific “preview” mount. If you create a mount with hst:type=preview