Document new Client.EnableCors custom runtime setting

content/en/docs/refguide/runtime/custom-settings/_index.md

@@ -66,6 +66,7 @@ The following custom settings can be configured:
 | <a id="commendixcoreProcessedTasksCleanupBatchSize" href="#commendixcoreProcessedTasksCleanupBatchSize">com.<wbr>mendix.<wbr>core.<wbr>ProcessedTasksCleanupBatchSize</a> | This setting specifies how many System.<wbr>ProcessedQueueTask objects will be removed from the database each time the ProcessedTask cleanup action runs. See [Task Queue](/refguide/task-queue/#cleanup) for more details. | 10000 |
 | <a id="com.mendix.services.publish.AllowWebServiceUserBasicAuthenticationInODataAndREST" href="#com.mendix.services.publish.AllowWebServiceUserBasicAuthenticationInODataAndREST">com.mendix.services.publish.AllowWebServiceUserBasicAuthenticationInODataAndREST</a> | Set to `true` to allow web service users to access published [OData](/refguide/published-odata-services/) and [REST](/refguide/published-rest-services/) services when using basic authentication. | false |
 | <a id="EnableApacheCommonsLogging" href="#EnableApacheCommonsLogging">EnableApacheCommonsLogging</a> | Some libraries used by the Mendix runtime use [Apache Commons](https://commons.apache.org/) for logging. By default these log messages are suppressed. Set this value to `true` to receive the log messages from these libraries in the Mendix logs. | false |
+| <a id="EnableCors" href="#EnableCors">Client.EnableCors</a> | When set to `true`, the runtime will respond to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) preflight `OPTIONS` requests on client-related request handlers. This is required when the Mendix client is accessed from a different domain. Use this setting in combination with the <a href="#Headers">Headers</a> runtime setting to specify the required CORS headers, such as `Access-Control-Allow-Origin`. | false |
 | <a id="HashAlgorithm" href="#HashAlgorithm">HashAlgorithm</a> | Specifies the hash algorithm used to generate hash values for attributes of the HashString type, such as the password of a user. This setting overrides the setting in Studio Pro, see [Hash Algorithm](/refguide/runtime-tab/#hash-algorithm). Possible values are `BCRYPT`, `SSHA256`, `SHA256` (not recommended) and `MD5` (not recommended). To override the default BCrypt cost, you can specify `BCRYPT:cost`, where 'cost' is a number between 10 and 30. An example value is `BCRYPT:12`. | BCRYPT |
 | <a id="httpclientCleanupAfterSeconds" href="#httpclientCleanupAfterSeconds">http.<wbr>client.<wbr>CleanupAfterSeconds</a> | For the call REST service and call web service activities, the first request to a new host will create an HTTP client that will handle subsequent requests. When there are no new requests to the host for the specified time, the HTTP client will be cleaned up. A value of `0` means no cleanup.<br/>{{% alert color="warning" %}}If the infrastructure provider closes this connection before this cleanup time, you can receive a `java.net. SocketException: Connection reset` error. You can reduce this value to prevent this, or handle the error in your [REST call](/refguide/call-rest-action/#troubleshooting).{{% /alert %}} | 355 (355 seconds) |
 | <a id="httpclientMaxConnectionsPerRoute" href="#httpclientMaxConnectionsPerRoute">http.<wbr>client.<wbr>MaxConnectionsPerRoute</a> | The [maximum number of connections for a route](https://hc.apache.org/httpcomponents-client-4.5.x/current/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html#setMaxConnPerRoute(int)) for call REST service and call web service activities.<br/>{{% alert color="warning" %}}If your app uses these calls, it is strongly recommended that this value is increased. The default could prevent multiple end-users accessing the API simultaneously. A good value is around the number of concurrent users you expect, with a maximum of 250. The value of `http.client. MaxConnectionsTotal` may also need to increase.{{% /alert %}} | 2 |