It looks like this could affect usage of a localhost redirect uri in an OIDC flow. To make them work there might be an actual listener required to be available on the URL which responds to a CORS pre-flight request. From what I can see this would not affect claimed URLs or custom schemes.
This likely something we need to point out in the docs and possibly update our samples with code to handle the CORS pre-flight request.
Chromium intends to implement https://wicg.github.io/private-network-access/ This was incorrectly enabled too early which caused issues for users: https://issues.chromium.org/issues/330364341
It looks like this could affect usage of a localhost redirect uri in an OIDC flow. To make them work there might be an actual listener required to be available on the URL which responds to a CORS pre-flight request. From what I can see this would not affect claimed URLs or custom schemes.
This likely something we need to point out in the docs and possibly update our samples with code to handle the CORS pre-flight request.