I would really like to see netlify to enable CORS by default for static assets. I know it is possible to change the setting on CORS through the configuration; however most people don’t bother to change. Consider netlify is advocating the JAMStack technology, it is really fitting if Netlify can be more liberal in CORS. Consider there is really no risk to serve static files with CORS, I would propose to:
- serve all static assets with
access-control-allow-origin: *header by default; user can opt out by changing configuration - serve all serverless functions are with no CORS by default and user can opt-in just like right now
BTW, vercel and github pages already turn on access-control-allow-origin: * for static assets.
. I appreciate the detailed feedback you have outlined here. I will bring this to the appropriate folks for consideration.