3263904 - Companion (Web Assistant) fails with CORS error or works for Fiori Launchpad on one site, but not on others

When opening the Fiori Launchpad in a extended or custom content scenario, the Web Assistant does not allow custom content scenario, and has console log errors:

• Access to XMLHttpRequest at 'https://<customer host>.enable-now.cloud.sap/wa/<work area>/~tag/published/.record' from origin 'https://<launchpad host>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
• Access to XMLHttpRequest at 'https://<customer host>.enable-now.cloud.sap/pub/<work area>/.catalogue?%7B%22product%22%3A%22SAP_S4HANA_ON-PREMISE%22%2C%22version%22%3A%222020.latest%22%2C%22appUrl%22%3A%5B%22Shell-home%22%2C%22Shell-home!whatsnew%22%5D%2C%22locale%22%3A%5B%22en-US%22%2C%22en-GB%22%5D%2C%22solution%22%3A%22S%2F4HANA%22%7D' from origin 'https://<launchpad host>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

• SAP Fiori Launchpad
• SAP Companion (Web Assistant)

CORS cross-origin resource sharing xss cross-site scripting , KBA , KM-SEN-CMP , SAP Companion former known as Web Assistant , Problem