How to set CORS for BlazorWebView to allow Drag-and-Drop into IFRAME?

[UweKeim]

Currently I am trying to drag items from a Blazor component inside a WinForms BlazorWebView (added via AddWindowsFormsBlazorWebView()) into an an HTML document that was loaded from another URL into an IFRAME on the same Blazor component.

Something like this:

While I have access to the web server that serves the IFRAME content document and am able to set the required CORS HTTP headers like Access-Control-Allow-Origin: *, drag and drop still fails (cannot drop into IFRAME since CORS requires source and destination to allow).

The reason is that I have no way of telling the BlazorWebView to also have Access-Control-Allow-Origin: * as it is not actually loaded but simply uses https://0.0.0.0 as its "virtual" URL.

My question

is it somehow possible to tell BlazorWebView (or the underlying WebView2) to have certain CORS settings applied to the currently active https://0.0.0.0 URL?

[UweKeim]

I do think I found a workaround by disabling web security, as I describe in this Stack Overflow answer.

The key takeaway is to use "--disable-web-security" as an additional browser argument inside the BlazorWebViewInitializing event.

I do think this is rather a hack than a real solution but at least it seems to work in my scenario with acceptable compromises in my scenario.

Still I would absolutely love to specify CORS directly for the infamous https://0.0.0.0 that haunts me so often.