@rvguha @jennifermarsman Improved security by enabling CORS with trusted origins. Resolved in https://github.com/microsoft/NLWeb/pull/162 needs review.