The cross origin request policy should be to disallow cross origin requests by default. This will make existing client code behave the same as before.
Created attachment 89451 [details]
Sorry for the churn, got this wrong somehow.
The commit-queue encountered the following flaky tests while processing attachment 89451 [details]:
http/tests/misc/favicon-loads-with-icon-loading-override.html bug 58412 (author: email@example.com)
The commit-queue is continuing to process your patch.
Comment on attachment 89451 [details]
Clearing flags on attachment: 89451
Committed r83829: <http://trac.webkit.org/changeset/83829>
All reviewed patches have been landed. Closing bug.