hapi v11.0.0 is primarily a rewrite of the CORS implementation. The previous code was both confusing, an incorrect implementation of the protocol, and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. The change removes half the CORS options available and moves the implementation to be truly per-route without any connection-wide catch-all.
You don't have to change anything if:
The main changes are:
The text was updated successfully, but these errors were encountered: