Please help us help you and fill where relevant:
Your LimeSurvey version: LimeSurvey Community Edition Version 6.5.2+240402
Own server or LimeSurvey hosting: hosted home (nas)
Survey theme/template: n/a
==================
Sorry for the basic question but I am using JSON-RPC api's to retrieve user token responses.
As subdomain requester is not the same, I had to activate "Définir l’entête Access-Control-Allow-Origin :" = Oui in order to make it works and it was fine, I could got the sessionKey and retrieve the answers based on a token until yesterday, when I did the update to the last version.
In order to solve this, I tried to restart webserver, activate/deactivate the option to Yes/No again and save the setup.
Unfortunately without any results, as I am a generalist but not expert enough to debug all of this without help.
I could not find specific information on the manual, maybe I was searching on the wrong place.
Does something change in JSON-RPC way of working or pages ? Where to find theses specific pages ? I am interested to better understand this as my scope would like to restrict access as explained in the  developer.mozilla.org/en-US/docs/Web/HTTP/CORS  documentation : Access-Control-Allow-Origin: foo.example .
Thanks a lot in advance.
C.

PS : same request in a local tool works fine (used insomnia)

Workaround found : reverse back to previous installation (version LimeSurvey Community Edition Version 6.5.1+240320)

Please submit a bug report - bugs.limesurvey.org