Cross-origin protections tighten (CORB and Private Network Access) AI-researched
Dependency: CORS/CORB browser security
Chrome-era cross-origin hardening (CORB) and later Private Network Access restrictions reduce what browser code can read or request cross-origin, breaking works that sniff, scrape, or assemble media across domains.
Affected Artworks
Gregory Chatonsky
Cross-origin 'sniffing' of YouTube/Flickr-like sources. Browser blocks reads/requests.
Beat Brogle & Philippe Zimmermann
Aggregates many remote images in rapid sequence. Cross-origin barriers increase.
Brian Piana
Reads platform data and media across origins. Cross-origin API constraints compound platform lock-ins.
Fixes & Mitigations
- Workaround: Move cross-origin fetching to a server-side component under curatorial control; emit clean CORS headers.
- Workaround: Correct MIME types and enable appropriate CORS on owned endpoints.
CORB blocks certain cross-origin responses from being delivered to web contexts when they might leak sensitive data. Later, Private Network Access restricts requests from public sites to private network resources.
Notes
Cross-origin changes don’t “kill the web,” but they do kill a class of artworks that treated the browser as a permissive data-mining agent.