On Thursday the WebAppSec WG discussed CORS for an about an hour. The W3C plans to adopt the changes made in the WHATWG copy and move the standard along the W3C Recommendation track. I explained that the long term goal is to merge HTML's fetch algorithm and CORS, as they are heavily intertwined and somewhat confusing. The reason to wait is that we want implementations to mature a bit first. It would be bad to move the goalposts just now that is happening.
If you are interested in learning more about CORS, enable-cors.org is a great initiative by Michael Hausenblas that explains how to set CORS up for your server configuration.