This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
+++ This bug was initially created as a clone of Bug #14700 +++ In the eventual "How to use CORS" section point out that you can use Access-Control-Allow-Origin:* safely on servers not behind a firewall.
https://github.com/whatwg/fetch/commit/a026e115be02f3d76bf2d63fbd2e70fa9091b1e5