Service Worker: Disallow CORS responses for same-origin requests.

With this change, a service worker can no longer respond to a request whose mode is 'same-origin' with a response whose type is 'cors'. This is a security measure added to the Fetch specification via https://github.com/whatwg/fetch/issues/629 and https://github.com/whatwg/fetch/pull/655.

Documentation

Specification

Editor's draft

Status in Chromium

Blink>ServiceWorker


Enabled by default (tracking bug) in:

  • Chrome for desktop release 66
  • Chrome for Android release 66
  • Android WebView release 66
  • Opera release 53
  • Opera for Android release 53

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owner

Last updated on 2018-03-28