I have a PVA that has been published on a couple of sites owned by a client. These sites use completely different domains from each other.
In testing accessing the PVA from at least one of the sites, the user is encountering an error where the PVA has been blocked by CORS policy: No Access-Control-Allow-Origin header being present on the requested resource.
I am not aware that any CORS policies exceptions or changed need to be set on the PVA to allow it to be accessed from custom web apps. Can anyone please confirm?
Note, I do not have visibility of any specific browser security settings being used when this testing is being done.
I guess the question that I am really asking is that, do we have to explicitly set CORS policies on the Power Platform for PVAs to be used, because I would expect that in most cases the PVA is being called from a web application that is in another domain?