Permission-based CORS instead of Access Controller

To enforce Same Origin policy, Brave browser could explicitly ask user for permission before executing a Cross Origin request.

This way would be more security, privacy and anti-tracking focused.

Plus, we all know CORS is not secure since anyone can create a proxy with “Access-Controller-Allow-Origin: *”

Brave could entirely disable this access controller check and only make a request if the user allows it, by displaying a yes-no popup (like the popup for notifications).

There could also be a checkbox with “always allow requests to”.