That's what I mean: this doesn't address the concerns in the security advisory, to quote it: "This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware."

(again, I don't necessarily agree with it, I think users should already know the implications when they enable it)