From bc1a8d849324e6a049ee17b3aefb76b8f947b13a Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Mon, 3 Oct 2022 14:30:44 +0100
Subject: [PATCH] Issue #3305748 by kay_v, Spokje, bmahesh03121: improve
 instructions for allowedOrigins in default.services.yml

---
 core/assets/scaffold/files/default.services.yml | 3 ++-
 sites/default/default.services.yml              | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/core/assets/scaffold/files/default.services.yml b/core/assets/scaffold/files/default.services.yml
index 0b3b7414895e..873fc7303f62 100644
--- a/core/assets/scaffold/files/default.services.yml
+++ b/core/assets/scaffold/files/default.services.yml
@@ -204,7 +204,8 @@ parameters:
     allowedHeaders: []
     # Specify allowed request methods, specify ['*'] to allow all possible ones.
     allowedMethods: []
-    # Configure requests allowed from specific origins.
+    # Configure requests allowed from specific origins. Do not include trailing
+    # slashes with URLs.
     allowedOrigins: ['*']
     # Sets the Access-Control-Expose-Headers header.
     exposedHeaders: false
diff --git a/sites/default/default.services.yml b/sites/default/default.services.yml
index 0b3b7414895e..873fc7303f62 100644
--- a/sites/default/default.services.yml
+++ b/sites/default/default.services.yml
@@ -204,7 +204,8 @@ parameters:
     allowedHeaders: []
     # Specify allowed request methods, specify ['*'] to allow all possible ones.
     allowedMethods: []
-    # Configure requests allowed from specific origins.
+    # Configure requests allowed from specific origins. Do not include trailing
+    # slashes with URLs.
     allowedOrigins: ['*']
     # Sets the Access-Control-Expose-Headers header.
     exposedHeaders: false
-- 
GitLab