Since that task has no new comment since Nov 2015, I think it's better to allow "localhost" first before extending it to that task itself, i.e. solve smaller issue before solving a much larger issue.
Honestly, I feel a bit iffy about this. I'm not sure if there would be any security badness from doing this, but it just feels "icky"
Maybe people who need this sort of thing, could just add something like
To their /etc/hosts, and then test their thing using foo.wikipedia.org as the local web server.
@Bawolff Not sure a DNS kludge is optimal. You can't change /etc/hosts on Chromebooks (ChromeOS mount this partition in read only mode) or on machines you are not root. But then, develop on a machine without root access isn't optimal, and we have recommendations for Vagrant.
@csteipp Do you see any risk (a rogue browser extension for example?) for a CORS rule including localhost?
I think T62835: Enable cross-domain API requests in API's JSON responses will address the main use cases, and adding localhost does not seem like a wise thing to do. While I sympathize with making things easier for developers, I think this opens too much attack surface for the benefit.