Enable CORS for static files by default

I would really like to see Netlify enable CORS by default for static assets. I know it is possible to change the CORS setting through the configuration; however, most people don’t bother to change it. Considering Netlify is advocating the JAMStack technology, it is really fitting if Netlify can be more liberal in CORS. Considering there is really no risk to serve static files with CORS, I would propose to:

  • serve all static assets with the access-control-allow-origin: * header by default; users can opt out by changing the configuration
  • serve all serverless functions with no CORS by default; users can opt in just like right now

BTW, Vercel and GitHub Pages already turn on access-control-allow-origin: * for static assets.

Hey there, @derek-zhou :wave:

Thank you so much for bringing this to our attention, and welcome to the Netlify Forums :netliconfetti: . I appreciate the detailed feedback you have outlined here. I will bring this to the appropriate folks for consideration.