A partial archive of discourse.wicg.io as of Saturday February 24, 2024.

[Proposal] New fetch mode “foreign-cors”


migrated from https://es.discourse.group/t/new-fetch-mode-foriegn-cors/441

In many use cases of fetching data from cross origins, It doesn’t matter “who” fetchs the data and data will be the same for every one. In those cases, cors is just a trouble and people often use cors proxies as a workaround.


This mode fetch content as a standalone native app and don’t send any browser data, such as cookies, preferred language, … .


  • It fix most cases of cors problems
  • No need for cors-proxy
    • no third party down time or gone away (like dead cors.io or crossorigin.me)
    • no risk of man in the middle by proxy
  • Fill the gap between native app and web app

One of the reasons CORS is needed is to protect internal servers from request types they may not expect. See https://annevankesteren.nl/2015/02/same-origin-policy


Range of local IPs (e.g. 192.168.., 10...*, … ) can be forbidden. And user can customize this behavior and shape her internal network in browser setting. This setting can also be reused in raw-socket proposal