Chrome, and hopefully some other web browsers, will be limiting Cross-Origin Resource Sharing from external internet sources. It follows a new W3C specification known as Private Network Access (PNA). This appears to help protect local privacy by requiring the outside sources to request access via a header before they can reach local resources like routers and other such resources. Full support should be coming in May with Chrome version 101. This seems like a good step in the right direction to prevent attacks using CORS, but what will it break and what is the overhead long term? I
This was heard in episode 854 of The Security Now Podcast https://www.grc.com/securitynow.htm
Additional resources:
https://wicg.github.io/private-network-access/
https://developer.chrome.com/blog/private-network-access-preflight/
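How a device on the local network could answer the PNA preflight, as an added example that is not part of the original post or of any project it links to. The header names come from the specification linked above; `ALLOWED_ORIGINS`, `lowerKeys` and `pnaPreflightResponse` are hypothetical names, and the origin and sample request are constructed.

```javascript
// Added example: server-side decision for a Private Network Access preflight.
// ALLOWED_ORIGINS and pnaPreflightResponse are hypothetical names for this sketch.
const ALLOWED_ORIGINS = new Set(["https://admin.example.com"]); // constructed allowlist

// HTTP header names are case-insensitive, so normalise them to lower case.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Returns { status, headers } for a CORS preflight, or null for any other request.
function pnaPreflightResponse(method, headers) {
  const h = lowerKeys(headers);
  if (method !== "OPTIONS" || !("access-control-request-method" in h)) return null;

  const origin = h["origin"];
  // Unknown origin: send no Access-Control-Allow-* headers, so the browser
  // blocks the follow-up request to this device.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {} };

  const res = {
    "Access-Control-Allow-Origin": origin, // echo the vetted origin, never "*"
    "Access-Control-Allow-Methods": "GET, POST",
    "Vary": "Origin",
  };
  // The browser sends this header when a public page targets a private address;
  // the device opts in explicitly, and only for origins it already trusts.
  if (h["access-control-request-private-network"] === "true") {
    res["Access-Control-Allow-Private-Network"] = "true";
  }
  return { status: 204, headers: res };
}

// Constructed sample preflight, as sent by a browser on behalf of a public page.
const sample = {
  "Origin": "https://admin.example.com",
  "Access-Control-Request-Method": "GET",
  "Access-Control-Request-Private-Network": "true",
};
console.log(pnaPreflightResponse("OPTIONS", sample));
```

A device that never answers the preflight with `Access-Control-Allow-Private-Network: true` stays unreachable from public pages once the browser enforces the check, which is also where breakage for existing integrations would show up.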