FDP_SOP_EXT.1.1 needs to allow for permissible Cross Origin Resource Sharing #32

@muchlikeacat

FDP_SOP_EXT.1.1 states:
The TSF shall only permit scripts contained in one webpage to access data in a second webpage if both pages are from the same origin.

However, modern browsers have mechanisms by which web applications can authorize scripts operating from a different origin (whether part of the same application or a different application) to access data/resources. This type of sharing is referred to as Cross Origin Resource Sharing (CORS) and is a critical capability for many complex applications. Recommend adding language that provides an exception here for CORS that has been authorized by the target origin.
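
The rule quoted above and the exception being requested, modeled as an added example (not part of the issue or of the requirement text): a simplified version of the Fetch standard's CORS check deciding whether a script may read a cross-origin response. The function names and the `example` origins are constructed for illustration, and preflight requests are not modeled.

```javascript
// Added example: function names and sample origins are assumptions.

// An origin is the (scheme, host, port) tuple; URL.origin serializes it
// and drops default ports (https://app.example:443 -> https://app.example).
function originOf(url) {
  return new URL(url).origin;
}

// Simplified CORS check, following the steps in the Fetch standard:
//  - Access-Control-Allow-Origin must be "*" (only for requests without
//    credentials) or exactly equal to the serialized requesting origin;
//  - requests with credentials also need Access-Control-Allow-Credentials: true.
function corsCheck(requestOrigin, withCredentials, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;      // target origin did not opt in
  if (!withCredentials && allowOrigin === "*") return true;
  if (allowOrigin !== requestOrigin) return false;  // exact match, no prefix or suffix matching
  if (!withCredentials) return true;
  return headers["access-control-allow-credentials"] === "true";
}

// May a script running in pageUrl read the response fetched from resourceUrl?
function mayRead(pageUrl, resourceUrl, withCredentials, responseHeaders) {
  const pageOrigin = originOf(pageUrl);
  // Opaque origins serialize as "null" and are never same-origin with anything.
  if (pageOrigin !== "null" && pageOrigin === originOf(resourceUrl)) {
    return true;                                    // same-origin: the base rule
  }
  // Header names are case-insensitive; normalize before the check.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = value;
  }
  // Cross-origin: readable only if the target origin authorized it.
  return corsCheck(pageOrigin, withCredentials, headers);
}
```
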
