Today the AAF device service agent’s configuration allow us to work only with a specific domain or alternatively cancel the hardening and then any domain can talk to the agent.
Regarding Access-Control-Allow-Origin header in configuration file config.properties:
The options available to us are:
see from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin.
Our customer needs to have the option to allow requesting code from multiple pre-defined origins to access the resource.
Unfortunately, the option to set a list of domains is not supported.