Thanks everyone for the feedback. There’s a few things I’ll add in response.
As an example use case, there is a project called Stlite which is a port of Streamlit to WASM using Pyodide. To make a Stlite project, the library will need to “mount” files on its local virtual filesytem to make available to the WASM Python interpreter. The underlying Javascript will make an HTTP request for these files, but without a proper Access-Control-Allow-Origin header, the call will fail. This is only one particular use case, but I imagine with the popularity of Pyodide / Pyscript rising, the need for CORS headers when developing with them will rise.
I do realize it is possible, with a little coding, to already make http.server return the proper CORS headers. And I do realize that CORS is a much bigger area than one single header, but sending access-control-allow-origin: * covers many cases you might need in development, I claim. If it’s a common enough use case, why not make it a command line option? One command line option is much easier than 15 lines of code.
Alternatively, as @sinoroc mentioned, we could perhaps introduce a generic command line option to set any header, for instance:
python -m http.server -H 'access-control-allow-origin:*'
This would be generally more useful, but also does cover the use case I was trying to solve here. A simple shell alias could make this a few keystrokes away for those who used it often. It is though a “bigger” feature in scope (although still rather easy to implement), which is why I though of the “smaller” --cors feature first.