You can add CORS and CSP directives to EmpowerID directly from the application itself. This frees you from needing to open and edit the EmpowerID web.config file on all your EmpowerID servers. Once you add your specific CORS and CSP directives in the Web UI, you simply restart the EmpowerID Web Role Windows Service to have those changes propagate to the web.config file.
...