To enforce the same-origin policy, the Brave browser could explicitly ask the user for permission before executing a cross-origin request.
This way would be more security-, privacy- and anti-tracking-focused.
Plus, we all know CORS is not secure, since anyone can create a proxy with “Access-Control-Allow-Origin: *”.
Brave could entirely disable this access control check and only make a request if the user allows it, by displaying a yes-no popup (like the popup for notifications).
There could also be a checkbox with “always allow requests to domain.com”.
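
The decision flow proposed above, sketched as an added example that is not part of the original post and is not Brave code. The class name, the `askUser` callback, and the choice to scope a remembered "always allow" to the (page origin, target origin) pair are assumptions made for illustration.

```javascript
// Hypothetical model of the proposed prompt; none of these names are Brave APIs.
class CrossOriginPrompter {
  // askUser(pageOrigin, targetOrigin) must return { allow: boolean, remember: boolean },
  // standing in for the yes-no popup and its "always allow" checkbox.
  constructor(askUser) {
    this.askUser = askUser;
    this.remembered = new Set(); // entries look like "pageOrigin -> targetOrigin"
  }

  // Returns "same-origin", "remembered", "allowed" or "blocked".
  decide(pageUrl, requestUrl) {
    const page = new URL(pageUrl).origin;
    // Resolve relative request URLs against the page, as a browser would.
    const target = new URL(requestUrl, pageUrl).origin;

    // Origin = scheme + host + port. Opaque origins (data:, sandboxed frames)
    // serialize to "null" and must never be treated as equal to each other.
    const opaque = page === "null" || target === "null";
    if (!opaque && page === target) return "same-origin";

    const key = `${page} -> ${target}`;
    if (!opaque && this.remembered.has(key)) return "remembered";

    const answer = this.askUser(page, target);
    if (!answer.allow) return "blocked";
    // Never persist a grant for an opaque origin: the key "null" would be
    // shared by every unrelated opaque document.
    if (answer.remember && !opaque) this.remembered.add(key);
    return "allowed";
  }
}
```

Note that a scheme or port difference alone makes a request cross-origin here, so `http://` to `https://` on the same host would still prompt.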